>  Phil  Fowler, 


IT  chief  at  Telesis 


Community  Credit 


Union,  found  that 
80%  of  employee 
passwords  could 
be  cracked  in  30 
seconds.  That’s 
when  he  turned 
to  biometrics  for 
system  access 
control. 


BACK 


He’s  back!  IT  nemesis  Nicholas  G.  Carr  says  corporate  IT 
is  doomed  to  go  the  way  of  the  electric  generator. 


■ometncs: 


Cisco’s  new  security  appliances  spur  a  debate  on 
who’s  really  responsit  le  for  securing  networks. 


Model  Targets 
Health  Records 


Hospitals,  large  physician  groups  offer  small 
practices  hosted  access  to  e-records  systems 


BY  HEATHER  HAVENSTEIN 

As  electronic  medical  records 
take  center  stage  in  the  effort 
to  eliminate  errors  by  physi¬ 
cians  and  bolster  patient  care, 
the  newest  players  trying  to 
tap  the  emerging  software 
market  are  health  care 
providers  themselves. 

Several  large  groups 
of  physicians  are  gearing 
up  to  offer  smaller  med¬ 
ical  practices  access  to 
the  EMR  software  they 
use,  via  an  application 
service  provider  type  of  mod¬ 
el.  Their  goals  are  to  generate 
revenue  and  to  make  it  easier 
to  share  patient  information 
with  other  physicians. 

For  example,  Morgan  Haugh 
Medical  Group,  a  multispecial¬ 


ty  practice  in  Paducah,  Ky.,  has 
begun  discussions  with  other 
doctors  in  that  state  about 
providing  them  with  hosted 
access  to  its  ambulatory  care 
EMR  system  from  San  Francis¬ 
co-based  McKesson  Corp. 

Eventually,  the  group  also 


Go  to  our  Web 
site  tor  more 
health  care  IT 


coverage: 

QUICKLINK 

a5850 


plans  to  open  up  the 
system  to  medical  prac¬ 
tices  in  Tennessee,  Illi¬ 
nois  and  Missouri,  said 
Joe  Paul,  director  of  in¬ 
formation  systems  at 
Morgan  Haugh.  “If  all 
you’re  going  to  do  is  see  peo¬ 
ple  coming  in  with  colds  and 
flu  . . .  you  are  limiting  your¬ 
self  to  what  types  of  revenue 
you  may  bring  in,”  he  said. 

The  group  will  handle  set- 
Health  Records,  page  14 


Missing  Backup  Tapes  Spur 
Encryption  at  lime  Warner 


Data  security  boost 
follows  loss  of  info  on 
600,000  employees 


BY  LUCAS  MEARIAN 

Time  Warner  Inc.  last  week 
said  it  will  “quickly”  begin 
encrypting  all  data  saved  to 
backup  tapes,  after  40  tapes 
with  personal  information  on 
about  600,000  current  and  for¬ 


mer  employees  were  lost  in 
transit  to  a  storage  facility. 

The  incident  is  among  the 
biggest  in  a  string  of  recent 
data-security  mishaps  that 
have  also  affected  companies 
such  as  ChoicePoint  Inc.,  Bank 
of  America  Corp.  and  Reed 
Elsevier  Group  PLC’s  Lexis- 
Nexis  Group  unit. 

A  shipping  container  that 

Missing  Tapes,  page  14 
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Oracle  Moves  to  Upgrade 
Support  for  Database  Users 

Expands  support  windows,  adds  online  tools 


BY  MARC  L.  SONGINI 

ORLANDO 

Looking  to  keep  its  installed 
base  happy,  Oracle  Corp.  has 
quietly  begun  a  number  of  ed¬ 
ucational  and  technical  initia¬ 


tives  in  recent  months  to  beef 
up  its  database  and  applica¬ 
tion  server  support  offerings. 

At  last  week’s  International 
Oracle  Users  Group  Live  2005 
database  user  conference  here, 


newly  installed  Oracle  CIO 
David  Thompson  highlighted 
updates  to  maintenance  poli¬ 
cies  that  have  been  added 
gradually  since  late  last  year. 

He  also  detailed  new  fea¬ 
tures  that  the  company  has 
added  to  its  MetaLink  online 
support  system,  such  as  live 
Web  conferencing. 

Users  at  the  IOUG  event 
were  generally  upbeat  about 
the  support  changes,  although 
some  said  they  have  found  the 
way  Oracle  distributes  its  soft¬ 
ware  patches  and  security 
fixes  to  be  troublesome. 

Oracle,  page  41 


MORE  INSIDE 

IT  veterans  say  user  group  membership 
otters  big  paybacks  for  your  organization 
-  and  your  career.  Page  29 
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We  brought  the  power  of  the  network  to  the  copier. 
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i  And  the  potential  of  another  day  is  realized. 
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If  you  could  create,  manage,  and  share  documents  on  paper 
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or  over  the  network,  imagine  what  you  could  accomplish  with 


your  day.  With  Canon’s  latest  addition  to  the  imageRUNNER” 


line,  every  day’s  potential  can  be  realized.  With  the  new 


imageRUNNER  4570,  Canon  gives  you  another  innovative 
solution  to  seamlessly  integrate  the  paper  world  with  the 

'  -j 

digital  world.  And  the  imageRUNNER  4570  can  be  tailored 
to  meet  your  business  needs.  In  other  words,  when  you 


choose  the  new  imageRUNNER  4570,  you  choose  to  work 


the  way  you  need  to. 

www.imagerunner.com  1-800-OK-CAN0N 
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CASE  STUDY:  ■ 

A  Data  Storage  Remedy 


Insight  helped  a  Texas  hospital  ensure  its  storage 
technology  would  accommodate  the  complex  HIPAA 
regulations,  architecting  a  storage  solution  that  boosted 
efficiencies  across  the  hospital  infrastructure.  Plus, 
the  hospital  was  able  to  meet  compliance  despite 
budget  constraints  thanks  to  Insight’s  creative  leasing 
solution.  From  design  and  integration  to  maintenance 
and  financing,  Insight  made 
storage  management  worry-free. 
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New  laws  are  forcing  companies 
to  save  more  data  than  ever  before. 
As  one  of  the  world’s  largest 
providers  of  IT  products  and 
services,  Insight  combines  leading 
storage  technologies  with  on-call 
storage  expertise  and  services  to  help 
ensure  your  data  is  safe,  available 
and  in  compliance.  Find  out  how 
we  can  put  IT  to  work  for  you. 
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Lurking  Liabilities  in  Security  Law 

In  the  Management  section:  Some  laws  and 
regulations  get  all  the  attention,  but  others  can 
have  equally  disastrous  consequences  that  you 
might  not  be  aware  of.  Here  are  five  security- 
related  issues  to  watch  out  for.  Page  31 
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A  Broader  View 

Also  in  the  Management  section:  You  can 

learn  technology  from  a  book  or  from  formal 
education,  but  veteran  IT  professionals  say 
user  group  membership  can  offer  bigger  payback 
for  your  organization  and  your  career.  Page  29 
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6  Solaris  10  has  been  down¬ 
loaded  1.3  million  times,  says 
Sun.  But  it’s  unsure  how  many 
users  are  actually  installing 
the  operating  system. 

6  EMC  plans  to  release  a  mid¬ 
range  Centera  array  offering 
half  the  capacity  of  the  high- 
end  model  at  65%  of  the  cost. 

7  At  Interop,  new  Cisco  devices 
spark  a  debate  over  whether 
IT  execs  or  service  providers 
are  responsible  for  network 
security.  Also,  a  vendor  group 
details  a  proposed  network 
access  control  standard. 

8  Q&A:  Gerald  Cohen,  Informa¬ 
tion  Builders’  CEO,  takes 
issue  with  Bill  Gates’  asser¬ 
tion  that  the  H-1B  visa  cap 
should  be  eliminated. 

8  The  20,000  new  H-1B  visas 

that  Congress  approved  last 
fall  are  finally  being  made 
available  this  week. 

9  IBM  details  plans  to  integrate 
Ascential’s  products  with  its 
own,  and  users  are  optimistic. 

9  Apple  aims  for  a  bigger  share 
of  the  server  market  with  its 
new  Tiger  OS,  but  whether  it 
can  attract  new  types  of  users 
is  unclear. 

12  Global  Dispatches:  An  Aus¬ 
tralian  state  plans  to  ban  some 
monitoring  of  employee  e-mail. 

12  IT  is  in  a  transformative  era, 

says  a  Harvard  professor,  but 
day-to-day  tasks  and  compli¬ 
ance  efforts  are  holding  back 
change,  claim  some  IT  pros. 


19  Biometrics:  Back  to  Busi¬ 
ness.  The  events  of  9/11  shift¬ 
ed  the  focus  of  the  biometrics 
market  to  the  public  sector, 
but  business  implementations 
are  beginning  to  have  an 
effect  on  the  bottom  line. 

22  Q&A:  Unconventional  Innova¬ 
tion.  Dell  CTO  Kevin  Kettler 
says  the  computer  maker  has 
helped  shape  the  direction 

of  IT  development  to  make 
sure  new  technologies  are 
better  focused  on  meeting 
customer  needs. 

23  Chilling  Out  With  DC  Power. 

DC  power-delivery  systems 
allow  server  racks  to  run  as 
much  as  15%  cooler  than  they 
would  with  AC  systems,  and 
the  reliability  can’t  be  beat. 

24  Security  Manager’s  Journal: 
Protecting  the  Crown  Jew¬ 
els.  Mathias  Thurman  looks 
at  options  for  protecting  the 
source  code  of  his  company’s 
software  products. 
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HflK  32  Q&A:  The  End 
of  Corporate  IT. 
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34  Career  Watch.  What  are 
companies  looking  for  in 
CIOs?  Also,  how  to  differenti¬ 
ate  among  all  those  glowing 
letters  of  recommendation. 


10  On  the  Mark:  Mark  Hall  re¬ 
ports  that  Intel  is  keeping 
Moore’s  Law  valid  for  the 
foreseeable  future  by  develop¬ 
ing  chips  with  more  than  one 
processor  core. 

16  Don  Tennant  admires  Infor¬ 
mation  Builders  CEO  Gerald 
Cohen’s  willingness  to  speak 
his  mind. 

16  Bruce  A.  Stewart  says  CEOs’ 
demands  for  innovation  to 
produce  growth  means  custom 
apps  are  making  a  comeback. 

17  Thornton  A.  May  cites  re¬ 
search  suggesting  that  IT 
appears  to  have  fallen  off 
the  radar  screen  of  next- 
generation  business  leaders. 

26  Curt  A.  Monash  says  most  of 
your  tech  strategy  can  be  de¬ 
vised  by  studying  Microsoft, 
Oracle  and  IBM,  but  there’s 
still  much  to  be  learned  from 
some  smaller  vendors. 

36  Bart  Perkins  warns  that  if 
your  management  controls 
grow  lax,  you’re  setting  your¬ 
self  up  for  embarrassment 
and  failure. 

42  Frankly  Speaking:  Frank 

Hayes  thinks  IT  needs  to  do 
more  to  help  users  protect 
company  secrets. 
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How  Spies  Operate 

SECURITY:  In  an  excerpt  from  his  book  Spies 
Among  Us,  Ira  Winkler  presents  the  story 
of  two  Russian  hackers  who  applied  their 
skills  to  steal  thousands  of  credit  card  num¬ 
bers  and  to  later  extort  U.S.  companies. 
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Taming  HIPAA 

IT  MANAGEMENT:  Health  care  companies 
should  enter  into  business  associate  agree¬ 
ments  with  their  IT  vendors  to  safeguard  pa¬ 
tient  data  as  demanded  by  HIPAA,  says  attor¬ 
ney  John  A.  Gliedman.  ©  QuickLink  54073 

First  Look:  Apple’s 
Fastest  Power  Mac  Yet 

MACINTOSH:  Apple  has  updated  its  Power  Mac 
G5s,  and  Computerworld.com’ s  Ken  Mingis 
couldn’t  resist  the  siren  song  of  speed  of¬ 
fered  by  the  top-end  model,  which  sports 
dual  2.7-GHz  G5  processors,  a  faster  Super- 
Drive  and  more  storage.  ©  QuickLink  54140 

Bonding  With  Your  New  Boss 

CAREERS:  Adjusting  to  an  unfamiliar  super¬ 
visor  can  be  unsettling,  but  it  also  offers  a 
chance  for  a  fresh  start,  suggests  columnist 
Katherine  Spencer  Lee.  ©  QuickLink  53868 


Intelligent  Infrastructure 

STORAGE  WEBCAST:  How  should  storage 
managers  tackle  virtualization  projects? 
According  to  EMC’s  Mark  Lewis,  they 
should  start  by  identifying  pain  points  before 
attempting  innovation.  Register  for  this 
free  webcast  at  ©  QuickLink  a5840 
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of  those  codes  into  the  Quick¬ 
Link  box,  which  is  at  the  top  of 
every  page  on  our  site. 
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IBM  Plans  to  Lay 
Off  13,000  Workers 

IBM  plans  to  cut  10,000  to 
13,000  jobs,  or  up  to  4%  of  its 
workforce,  mostly  from  its  Euro¬ 
pean  operations.  IBM  last  month 
reported  poor  earnings,  and  the 
restructuring  is  projected  to  cut 
costs  by  up  to  $500  million 
during  the  rest  of  2005,  and  by 
$1  billion  in  2006.  IBM  will  take 
a  $1.3  billion  to  $1.7  billion  pretax 
charge  in  the  second  quarter. 


Siebel  to  Add  SOA, 
Component  System 

Siebel  Systems  Inc.  has  detailed 
plans  to  roll  out  a  new  branch  of 
CRM  offerings  later  this  year  as 
industry-standard  prefabricated 
components.  The  component- 
based  systems,  based  on  a  ser¬ 
vice-oriented  architecture,  will 
run  on  multiple  server  hardware, 
portal  and  database  platforms. 
The  components  are  expected 
to  be  available  by  year’s  end. 


Capgemini  Makes 
Cuts  in  N.  America 

Capgemini  outlined  plans  to  re¬ 
structure  its  North  American  op¬ 
eration  -  including  200  job  cuts 
and  the  shuttering  of  more  than 
half  of  its  40  U.S.  offices.  The 
cutbacks  should  yield  $162.1  mil¬ 
lion  in  annual  savings  once  the 
effort  is  completed  by  early  July. 
Capgemini  reported  a  16%  jump  in 
first-quarter  revenue  to  $2.2  bil¬ 
lion.  (Read  a  Q&A  with  Cap- 
gemini’s  COO  at  QuickLink  54212.) 


IBM  to  Unveil  Array, 
Storage  Controller 

IBM  today  plans  to  unveil  a  new 
4Gbit/sec.  midrange  storage 
array.  The  IBM  TotalStorage  DS- 
4800  can  perform  42,000  l/0s 
per  second  and  is  priced  from 
about  $54,000.  It  will  be  general¬ 
ly  available  June  17.  IBM  will  also 
introduce  Version  2.1.1  of  its  SAN 
Volume  Controller  virtualization 
appliance.  It  starts  at  $44,500 
and  has  a  May  13  ship  date. 


Solaris  10  Downloads 
Grow,  but  Usage  Unclear 


Jury  is  still  out  on 
whether  customers 
will  install  the  OS 

BY  PATRICK  THIBODEAU 

WASHINGTON 

T  ITS  quarterly 
product-launch  an¬ 
nouncement  here 
last  week,  Sun  Mi¬ 
crosystems  Inc.  touted  the  fact 
that  there  have  been  1.3  mil¬ 
lion  downloads  of  Solaris  10 
since  the  operating  system 
was  released  last  November. 

Sun  officials  said  they  are 
pleased  with  the  pace  of  the 
downloads.  But  John  Loia- 
cono,  executive  vice  president 
of  the  company’s  software 
group,  said  in  an  interview 
that  it’s  difficult  to  know  pre¬ 
cisely  what  users  are  doing 
with  the  operating  system. 

Until  Sun  releases  the  first 
update  of  Solaris  10  later  this 
year  and  then  maps  installa¬ 
tions  of  that  version  back  to 
users  who  previously  down¬ 
loaded  the  software,  “it’s  hard 
to  tell  whether  someone  is  just 
kicking  the  tires  or  it’s  a  new 


installation,”  Loiacono  said. 

Gerry  Vest,  systems  admin¬ 
istrator  at  the  Southwest 
Foundation  for  Biomedical 
Research  in  San  Antonio,  is 
testing  Solaris  10.  Vest  has  just 
begun  the  process,  but  he  said 
he’s  seeing  promised  perfor¬ 
mance  improvements  as  a  re¬ 
sult  of  Sun’s  rewrite  of  the  op¬ 
erating  system’s  TCP/IP  stack. 

The  research  lab  is  running 
Solaris  8  in  production,  and 
Vest  said  he  expects  to  move 
to  the  new  operating  system 
within  six  months.  He  added 
that  eventually  he  will  likely 
run  Solaris  10  on  about  700 
dual-CPU  servers  equipped 
with  Advanced  Micro  Devices 
Inc.’s  Athlon  processors. 

IDC  analyst  Dan  Kusnetzky 
said  that  although  Sun  might 
be  happy  with  the  volume  of 
downloads  thus  far,  “a  down¬ 
load  doesn’t  translate  to  pro¬ 
duction  use.”  He  said  Sun 
needs  to  show  that  new  cus¬ 
tomers  are  adopting  Solaris  10 
and  that  open-source  develop¬ 
ers  are  working  with  the  soft¬ 
ware,  which  is  being  released 
under  a  royalty-free  license. 

Sun  officials  last  week  also 


More  From  Sun 


Sun  Connection:  An  online 
portal  that  gives  users  access  to 
software  updates  and  predictive 
diagnostics  tools.  Initially  sup¬ 
ports  Solaris  10  updates  only. 

Java  StorEdge  Software: 

Subscription-based  pricing  for 
Sun’s  storage  management 
tools,  starting  at  an  annual  price 
of  $350  per  employee  or 
$400,000  for  5TB  of  storage. 


Sun  Grid  Rack  System: 

Preintegrated  racks  of  servers 
and  software  for  grid  computing. 
Pricing  starts  at  about  $77,000. 

put  the  spotlight  on  grid  com¬ 
puting,  an  area  the  company  is 
focusing  on  heavily  as  both  a 
utilitylike  service  and  a  tech¬ 
nology  offering  for  internal 
deployments.  Sun  is  launching 
a  “sneak  peek”  program  for 
its  Sun  Grid  Compute  Utility, 
which  will  let  users  buy  CPU 
cycles  on  an  hourly  basis.  The 
service  is  due  to  become  avail¬ 
able  in  the  summer,  along  with 
an  offering  that  provides  stor¬ 
age  for  a  monthly  fee. 


EMC  Unveils  Midrange  Centera 


Trims  capacity, 
price  of  array 


BY  LUCAS  MEARIAN 

EMC  Corp.  today  will  unveil  its 
first  midrange  Centera  content 
addressed  storage  (CAS)  array, 
which  offers  the  same  func¬ 
tionality  as  its  bigger  and  more 
expensive  brother  with  only 
half  the  capacity  —  2.2TB. 

The  new  Centera  uses  the 
same  internal  architecture  as 
the  high-end  Centera  system: 
a  redundant  array  of  indepen¬ 
dent  nodes  that  marries  one 
Intel  processor  to  each  tray  of 
four  disk  drives. 

The  new  rack-mountable 
Centera  can  be  configured  for 


both  storage  and  access. 

The  midrange  system  is  the 
first  major  hardware  change  in 
EMC’s  CAS  system  line  since 
the  high-end  Centera  was  first 
brought  out  in  April  2002. 

“This  will  allow  [small  and 
midsize  businesses]  to  use  an 
archiving  system  to  finally  get 
their  data  in  a  sustainable 
state,  and  where  they’re  not 
backing  up  the  same  data  all 
the  time,”  said  Anne  MacFar- 
land,  an  analyst  at  The  Clipper 


Group  Inc.  in  Wellesley,  Mass. 

The  new  box  also  incorpo¬ 
rates  the  Advanced  Technolo¬ 
gy  Attachment  disk  drives  that 
the  high-end  model  uses. 

Arun  Taneja,  an  analyst  at 
Taneja  Group  Inc.  in  Hopkin- 
ton,  Mass.,  said  price/perfor¬ 
mance  improvements  in  future 
midrange  systems  may  one 
day  make  the  high-end  offer¬ 
ing  obsolete. 

To  guard  against  that, 

EMC’s  marketing  scheme 
doesn’t  offer  expand¬ 
ability  beyond  the  new 
system’s  four  nodes. 

“In  the  next  two  or 
three  months,  EMC 
will  face  pressure 
from  the  marketplace 


EMC’s  new  Centera  storage  array 


Sun  said  users  that  want  to 
run  computationally  intensive 
applications,  batch  processes 
and  other  jobs  that  aren’t  trans¬ 
action-based  have  expressed 
interest  in  the  utility  model. 

For  now,  though,  company 
officials  don’t  think  users  are 
ready  to  adopt  Sun  Grid  for 
transaction  processing. 

James  Kennedy,  a  strategic 
programs  system  engineer  at 
the  national  headquarters  of 
the  American  Red  Cross  in 
Falls  Church,  Va.,  said  he 
found  Sun’s  N1  grid  technol¬ 
ogy  attractive  for  internal  use. 
But  running  applications  on  a 
utility  basis  poses  problems 
because  of  regulatory  and  se¬ 
curity  concerns,  he  added. 

Among  the  products  that 
Sun  announced  were  N1  Sys¬ 
tem  Manager,  a  tool  that  sup¬ 
ports  the  company’s  hardware, 
and  an  upgraded  version  of  its 
N1  Service  Provisioning  Sys¬ 
tem.  Loiacono  indicated  last 
month  that  the  N1  products 
would  be  rolled  out  soon 
[QuickLink  53774]. 

One  person  who  has  seen 
the  new  system  management 
software  is  John  Groenveld,  an 
associate  research  engineer  at 
Pennsylvania  State  Universi¬ 
ty’s  Applied  Research  Labora¬ 
tory.  N1  System  Manager  al¬ 
lows  users  “to  treat  a  cluster 
of  systems  almost  like  a  main¬ 
frame,”  he  said.  ©  54249 


to  make  this  product  upgrad¬ 
able  from  four  to  eight  nodes,” 
Taneja  said. 

Like  the  original  Centera,  the 
new  box  comes  with  remote 
replication,  file  indexing  and 
search  capabilities,  as  well  as 
several  bundled  software  sys¬ 
tems  that  can  archive  data  to 
meet  regulatory  requirements. 

Roy  Sanford,  vice  president 
of  CAS  at  EMC,  said  the  new 
Centera  is  also  available  bun¬ 
dled  with  e-mail  archiving 
software,  such  as  EMC’s 
Legato  DiskXtender  and 
EmailXtender. 

Sanford  declined  to  disclose 
specific  pricing  plans  but  said' 
the  new  model  will  cost  about 
35%  less  than  the  high-end  one, 
which  starts  at  about  $148,000. 
“This  will  be  sub-$100,000,” 
Sanford  said.  ©  54250 
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NETWORK  EXCELLENCE 


J-Series  &  JUNGS,  Always  Performance  Perfection. 

Are  you  sinking  in  a  patchwork  of  network  complexity?  Can  you  count  on  your 
network  to  deliver  the  security  and  predictability  that  your  business  needs  to 
move  to  VoIP  or  to  run  networked  ERP  applications?  Or  to  gain  the  flexibility  and 
cost  advantages  of  moving  remote  and  branch  office  connections  from  leased 
line  to  IPSec  VPN? 


Simply  leave  the  Status  Quo  for  unprecedented  simplicity,  predictability  and  platform 
independence:  Juniper’s  J-series.  The  J-series,  and  our  modular  JUNOS  operating  system, 
is  perfect  for  extended  and  distributed  enterprises  with  business-critical  application  - 
ensuring  superior  security  and  quality  over  a  converged  IP  network.  Now  forward-thinking 
enterprises,  government  organizations  and  research  &  education  groups  have  a  better 
alternative  in  forward-looking  platforms: 

•  Superior  Security.  Dedicated  resources  offer  the  most  advanced  defense  from  outside 
threats  while  giving  you  complete  control,  even  under  attack.  Add  new  filters  and 
policies  directly,  quickly,  easily. 

•  Unprecedented  Uptime:  JUNOS  architecture  allows  multiple  functions  to  run 
independently,  keeping  minor  issues  from  becoming  major  problems.  And  keeping 
enterprises  (and  network  managers)  secure  -  in  fact,  just  hit  “rescue”  for  speedy 
system  recovery.  What’s  more,  our  next-generation  CLI  means  accurate  configuration. 
Legacy  "routers”  can  only  wish  for  parallel  multi-function  excellence. 

•  Performance  Predictability:  Congestion-ending  architecture  ensures  the  most  important 
applications  receive  top  resource  priority,  so  you 
maintain  incredible  control  and  throughput  during 
the  most  demanding  times. 

•  Reduced  Operational  Complexity  &  Costs:  Our 
clean-code  configuration  and  consistent  release 
schedules  require  minimal  effort  to  set  up  and 
maintain  -  no  wasted  time  on  constant  patches 
and  upgrades. 


►  SPECIFICATIONS 


Platform 

J2300 

J4300 

J6300 

Size 

1U 

2U 

2U 

Site  Connections 

2xT 1/El/Serial 

2XT 1/El/Serial 
to  BxTl/El 

2xTl/El/Serial 
to  DS3 

Fixed  LAN  Ports 

2xFE 

2xFE 

2xFE 

WAN  Interface  Slots 

n/a 

6  Open  Slots 

6  Open  Slots 

Fixed  WAN  Interfaces 

2xTl  or  2xEl  or  2xSerial 

n/a 

n/a 

WAN  Interface 

Modules 

n/a 

2xTl/2xEl/ 

2xSerial/2xFE 

2xTl/2xEl/ 

2xSerial/2xFE/DS3 

Memory 

256  or  512  MB  DRAM 

256  or  512  MB  DRAM 

256/512/1024  MB  DRAM 

Redundancy 

No 

No 

Power 

Additional  Software 
Licenses 

Stateful  Firewall,  IPSec, 
J-Flow  Accounting, 

BGP  Route  Reflector 

Stateful  Firewall,  IPSec, 
J-Flow  Accounting, 

BGP  Route  Reflector 

Stateful  Firewall,  IPSec, 
J-Flow  Accounting, 

BGP  Route  Reflector 

^  CARRIER-CLASS  PERFORMANCE  &  SECURITY,  READY  FOR  YOU. 
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New  Cisco  Appliances  Drive 
Debate  on  Network  Security 


IT  execs  weigh  use 
of  internal  tools  vs. 
external  protection 

BY  MATT  HAMBLEN 

LAS  VEGAS 

Network  security  became  a 
major  topic  of  debate  at  last 
week’s  Interop  conference, 
with  differences  of  opinion 
emerging  among  networking 
vendors,  service  providers 
and  users  over  where  security 
tools  should  be  applied  and 
who  should  provide  them. 

Cisco  Systems  Inc.  used  the 
conference  to  announce  a  line 
of  multifunction  security  ap¬ 
pliances  for  defending  against 
network  threats.  But  Hossein 
Eslambolchi,  AT&T  Corp.’s 
CIO  and  chief  technology  offi¬ 
cer,  responded  that  the  proper 
place  to  defend  against  securi¬ 
ty  threats  is  in  the  WAN  back¬ 
bones  controlled  by  his  com¬ 
pany  and  other  service  pro¬ 


viders.  That  can  stop  attacks 
from  reaching  corporate 
boundaries,  Eslambolchi  said. 

Some  network  managers  at 
the  conference  said  IT  securi¬ 
ty  is  so  important  that  it  re¬ 
quires  both  internal  technol¬ 
ogy  they  can  control  and  reli¬ 
able  external  protections  from 
network  operators. 

“You  need  both,”  said  Andre 
Gold,  director  of  information 
security  at  Houston-based 
Continental  Airlines  Inc., 
which  has  been  testing  Cisco’s 
new  Adaptive  Security  Appli¬ 
ance  5540  for  the  past  six 
months.  At  $16,995,  the  5540 
is  the  most  expensive  of  the 
three  ASA  devices  that  Cisco 
plans  to  ship  this  month. 

Gold  said  he  is  still  evaluat¬ 
ing  whether  to  use  the  5540. 
“It’s  not  easy  to  set  up,”  he 
noted.  Nonetheless,  he  said 
Cisco’s  ASA  concept  is  “very, 
very  appealing”  because  it  ad¬ 
dresses  network  security  man- 


AT&T  and  others 
should  be  in  the 
network  pipeline 
protecting  against 
threats.  I  want  my 
provider  to  do  that. 


IRVING  TYLER, 

CIO,  Quaker  Chemical 

agement  in  a  single  box. 

The  ASA  5500  line  incorpo¬ 
rates  features  from  Cisco’s 
firewall,  intrusion-prevention 
and  virtual  private  network 
products  and  also  supports 
routing,  multicasting  and 
quality-of-service  capabilities. 


Jayshree  Vullal,  senior  vice 
president  of  Cisco’s  security 
technology  group,  said  the 
security  features  in  the  appli¬ 
ances  will  eventually  work 
their  way  into  the  company’s 
routers  and  switches,  but  she 
declined  to  disclose  a  detailed 
road  map. 

The  ASA  offering  doesn’t 
interest  Irving  Tyler,  CIO  at 
Quaker  Chemical  Corp.  in 
Conshohocken,  Pa.  Tyler 
needs  to  protect  network  con¬ 
nections  for  300  remote  users 
globally  and  manage  networks 
serving  15  offices. 

Products  like  the  ASA  line 
are  “not  a  priority,”  he  said. 
“AT&T  and  others  should  be 
in  the  network  pipeline  pro¬ 
tecting  against  threats.  I  want 
my  provider  to  do  that.” 

Tyler  likened  receiving  data 
over  global  networks  to  get¬ 
ting  water  in  pipes  at  his 
home,  saying  he  expects  a  cer¬ 
tain  level  of  purity  so  he  won’t 
have  to  “run  around  and  in¬ 
stall  filters  on  every  faucet.” 

On  the  other  hand,  Jerry 
Knaus,  senior  manager  of  IT 
infrastructure  at  Jeppesen 
Sanderson  Inc.  in  Englewood, 
Colo.,  said  Cisco’s  appliances 


or  similar  products  might  be 
useful  because  the  subsidiary 
of  The  Boeing  Co.  doesn’t 
want  to  rely  too  heavily  on 
network  service  providers  to 
defend  it  against  attacks. 

“I’m  not  comfortable  with 
relying  on  my  service  provider 
for  security,  since  we’re  trans¬ 
ferring  important  business 
knowledge  such  as  flight  plans 
and  flight  data  all  the  time,” 
Knaus  said.  “We  need  to  feel 
more  of  a  sense  of  control.” 

Andrew  Braunberg,  an  ana¬ 
lyst  at  Current  Analysis  Inc.  in 
Sterling,  Va.,  said  Cisco’s  ASA 
rollout  follows  introductions 
of  similar  appliances  by  sever¬ 
al  security  vendors  over  the 
past  two  years.  The  new  offer¬ 
ing  is  significant  because  of 
Cisco’s  size  and  market  clout, 
Braunberg  said.  But  he  ques¬ 
tioned  whether  large  enter¬ 
prises  would  use  the  ASA 
technology,  because  its  fire¬ 
wall  throughput  is  a  relatively 
slow  650Mbit/sec.  ©  54248 


DO  IT  YOURSELF 

AT&T  plans  to  rely  on  its  own  software  to 
secure  its  global  IP  network: 

QuickLink  54254 
www.computenworld.com 


Vendor  Group  Adds 
Net  Access  Specs 


BY  JAI KUMAR  VIJAYAN 

A  proposed  network  access 
control  standard,  developed 
by  a  large  group  of  vendors 
that  includes  IBM,  Intel  Corp. 
and  Microsoft  Corp.,  could 
soon  help  give  IT  managers  a 
set  of  vendor-neutral  tools  for 
enforcing  security  policies  on 
end-user  devices. 

The  Trusted  Network  Con¬ 
nect  (TNC)  specifications 
were  detailed  at  last  week’s  In¬ 
terop  conference  in  Las  Vegas. 
Also  announced  at  the  show 
were  a  pair  of  application  pro¬ 
gramming  interfaces  (API) 
that  vendors  can  use  to  devel¬ 
op  TNC-based  tools,  as  well  as 
plans  for  the  first  products  im¬ 
plementing  the  standard. 

Like  similar  approaches 
from  individual  vendors  such 


as  Cisco  Systems  Inc.  and  Mi¬ 
crosoft,  TNC  will  let  IT  man¬ 
agers  set  rules  to  permit,  re¬ 
strict  or  deny  network  access 
to  end  users,  depending  on 
whether  their  systems  have 
the  required  firewalls,  anti¬ 
virus  tools,  software  updates 
and  configuration  settings. 

Such  capabilities  are  crucial 
for  avoiding  attacks  launched 
via  compromised  PCs  and 
mobile  systems,  said  Ahmed 
El-Haggan,  CIO  at  Coppin 
State  University  in  Baltimore. 
“It’s  great  to  be  able  to  take 
care  of  a  security  problem  at 
the  network  level  before  it 
reaches  my  servers  and  my 
applications,”  he  said. 

The  core  difference  be¬ 
tween  TNC  and  approaches 
such  as  Cisco’s  Network  Ad¬ 


mission  Control  program  is 
that  TNC  is  designed  for  net¬ 
works  built  around  products 
from  multiple  vendors. 

The  Portland,  Ore.-based 
Trusted  Computing  Group 
developed  TNC  and  plans  to 
release  at  least  four  more  APIs 
over  the  next  several  months, 
said  Thomas  Hardjono,  co- 
chairman  of  the  organization’s 
infrastructure  working  group. 

The  interfaces  will  give 
vendors  a  standard  way  to 
capture,  share  and  verify  the 
various  pieces  of  information 
that  are  needed  to  authenti¬ 
cate  client  devices  and  ensure 
that  they  comply  with  security 
policies,  said  Hardjono,  a  prin¬ 
cipal  scientist  at  VeriSign  Inc. 

Hardjono’s  group  is  also 
working  to  refine  specifica¬ 
tions  for  a  hardware  compo¬ 
nent  called  the  Trusted 
Platform  Module,  a  micro¬ 
controller  that  can  store  pass¬ 
words,  digital  certificates  and 
configuration  data  for  identi¬ 
fying  and  attesting  to  the  secu¬ 


rity  of  client  systems. 

But  the  group  can’t  afford  to 
“waste  18  months  squabbling 
among  themselves  about  the 
finer  points  of  their  standard,” 
said  Jim  Slaby,  an  analyst  at 
The  Yankee  Group  in  Boston. 
“I  think  there’s  a  lot  of  time 
pressure  on  them.  There’s  a 
bit  of  a  race  to  get  endpoint 
policy  enforcement  schemes 
out  in  the  market.” 


Trusted  Network 
Connect 

WHAT  IT  IS:  A  vendor-neutral 
standard  designed  to  give  IT 
managers  tools  for  enforcing 
network  security  polices  on 
client  devices. 


HOW  IT  WORKS:  Software 
agents  collect  information  on 
the  security  status  of  end-user 
devices  and  relay  it  to  servers 
that  assess  compliance  with 
corporate  policies. 


At  Interop,  for  example, 
Juniper  Networks  Inc.  out¬ 
lined  a  broad  network  security 
framework  that  it  plans  to  fill 
out  over  the  next  few  years 
[QuickLink  54103]. 

And  another  vendor,  Nortel 
Networks  Ltd.,  has  also  an¬ 
nounced  technologies  that  let 
its  customers  enforce  network 
access  control  policies. 

Funk  Software  Inc.,  a  Cam¬ 
bridge,  Mass.-based  company 
that  helped  develop  TNC,  last 
week  said  it’s  building  support 
for  the  specifications  into  its 
Steel-Belted  Radius/Endpoint 
Assurance  server  and  its 
802.1x-based  Odyssey  Client 
software  agent.  Those  prod¬ 
ucts  are  due  to  be  available  for 
user  trials  late  this  month. 

McAfee  Inc.  and  Check 
Point  Software  Technologies 
Ltd.  also  demonstrated  sup¬ 
port  for  TNC  last  week. 

Hardjono  noted  that  a  total 
of  seven  vendors  have  already 
said  they  will  implement  the 
standard  in  products.  ©  54251 
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Juniper,  Avaya  Sign 
Development  Pact 

Router  maker  Juniper  Networks 
Inc.  and  Avaya  Inc.,  a  developer 
of  enterprise  IP  telephony  gear, 
have  signed  an  agreement  to 
jointly  develop,  sell  and  support 
new  products.  Details  of  the 
agreement,  including  the  type 
of  products  to  be  developed,  are 
still  being  worked  out.  This  latest 
pact  between  the  two  companies 
extends  an  earlier  partnership. 


Oracle  to  Buy  Indian 
Development  Sites 

Oracle  Corp.  has  agreed  to  exer¬ 
cise  its  options  to  purchase  two 
PeopleSoft  development  centers 
in  Bangalore,  India.  Financial 
terms  of  the  deal  weren’t  dis¬ 
closed.  The  centers  are  operated 
by  outsourcing  services  compa¬ 
nies  Hexaware  Technologies  Ltd. 
and  Covansys  Corp.  Workers  at 
the  centers  will  become  Oracle 
employees  after  the  close  of  the 
deal,  which  is  expected  in  October. 


Nortel  Q4  Sales, 
Profits  Down 

Nortel  Networks  Corp.  profits  fell 
75%  in  the  fourth  quarter  of 
2004  on  a  sales  decline  of  20%. 
Officials  project  improving  finan¬ 
cial  results  through  2005. 


NORTEL  BY  THE  NUMBERS 

REVENUE 

PROFIT 

Q4’05 

S2.62B 

S133M 

Q4'04 

S3.27B 

S528M 

HP  Pays  $325M 
To  Settle  EMC  Suit 

Hewlett-Packard  Co.  and  EMC 
Corp.  have  signed  a  five-year 
patent  cross-licensing  deal  that 
will  end  four  years  of  litigation  be¬ 
tween  the  two  companies.  The 
settlement  calls  for  HP  to  pay 
EMC  $325  million  over  five  years 
for  the  purchase  of  EMC  software 
for  internal  use  or  resale.  The 
patent  infringement  litigation 
began  in  2000  when  EMC  sued 
StorageApps  Inc.,  which  HP  ac¬ 
quired  a  year  later.  HP  filed  a 
retaliatory  lawsuit  in  2002. 


BI  Vendor  CEO  Blasts 
Gates’  Position  on  H-1B 


No  need  to  eliminate  cap  on  visas, 
claims  Information  Builders’  Cohen 


BY  DON  TENNANT 

Gerald  Cohen,  the  outspo¬ 
ken  founder  and  CEO  of 
New  York-based  busi¬ 
ness  intelligence  soft¬ 
ware  vendor  Informa¬ 
tion  Builders  Inc.,  spoke 
with  Computerworld 
late  last  month  about 
the  controversy  sur¬ 
rounding  offshore  out¬ 
sourcing  and  the  H-1B  visa 
program.  Excerpts  follow: 


Bill  Gates  told  an  audience  in 
Washington  recently  that  the  U.S. 
needs  to  get  rid  of  the  cap  on  H-1B 
visas.  What’s  your  position  on 
that?  He’s  full  of  it.  He  says, 
“I’d  hire  a  lot  more  American 
engineers  if  I  could  find  them 

—  they’re  not  available,  and 
that’s  why  we’re  going  to  Chi¬ 
na  and  India.”  He’s  going  there 
because  it’s  just  cheaper.  He 
can  find  all  the  engineers  he 
wants  in  this  country. 

A  lot  of  CEOs  at  companies  like 
yours  are  saying  that  they  just 
can’t  find  the  people.  That’s 
bull.  You  know  who  wants 
[to  get  rid  of  the  cap]?  The 
Indian  companies.  The  way 
the  Indian  companies  work 
is  they  have  to  have  a  certain 
number  of  people  here,  and 
a  lot  more  people  back  there 

—  so  they’re  the  ones  who 
want  to  get  all  these  people 
in.  And  they  don’t  even  pay 
them  American  wages  —  they 
just  pay  them  as  cheaply  as 
they  can. 

But  surely  you  use  overseas 
labor  to  lower  your  own  costs. 

I’m  going  to  put  two  hats  on. 
With  one  hat,  I  say  we  want  to 
keep  jobs  in  New  York  City. 
The  other  hat  says  that  we 
want  the  company  to  be  pros¬ 
perous,  and  if  I  can  lower  my 
costs  by  doing  work  overseas, 
the  company’s  more  prosper¬ 
ous.  But  I’m  not  so  sure  that’s 


i 


Q&A 


better  for  the  country. 

How  much  of  your  devel¬ 
opment  work  is  done  out¬ 
side  of  the  U.S.?  We  do  a 

little  quality-assurance 
work  outside  of  the  U.S. 
We  find  it’s  economical 
to  do  the  routine  kind 
of  QA  work  [overseas]. 


What’s  your  response  to  the  un¬ 
employed  U.S.  IT  worker  who  says 
you  should  be  keeping  those  jobs 
in  the  U.S.?  We  have  to  [do 
business]  economically.  It’s  a 
real  problem.  The  government 


is  providing  us  with  no  help, 
so  we’re  doing  [what  we  have 
to  do]  ourselves. 

If  you  look  further  down 
the  road,  there’s  going  to  be 
a  huge  drain  of  IT  jobs.  A  lot 
of  these  jobs  that  go  overseas 
are  the  spawning  grounds 
for  future  jobs.  So  the  whole 
industry’s  going  to  move  off¬ 
shore. 

What  do  you  want  the  government 
to  do  to  help?  [Indian  vendors] 
will  bring  people  into  the  U.S. 
cheaply.  No!  When  you  [bring 
people  into]  the  U.S.,  you  have 
to  pay  American  wages.  That 
would  be  a  minimum  stan¬ 
dard,  for  example. 

There  are  a  lot  of  small 


Government  to  Add 
20,000  H-1B  Visas 


The  extra  visas 
were  approved  last 
fall  by  Congress 

BY  PATRICK  THIBODEAU 

Federal  officials  will  finally 
open  the  doors  to  an  addition¬ 
al  20,000  foreign  workers  un¬ 
der  the  H-1B  visa  program  be¬ 
ginning  Thursday,  the  U.S.  Cit¬ 
izenship  and  Immigration  Ser¬ 
vices  (USCIS)  agency  an¬ 
nounced  last  week. 

The  start  of  the  application 
process  for  the  new  visas 
comes  after  a  two-month  de¬ 
lay  and  some  controversy  over 
the  eligibility  requirements  for 
applicants.  The  USCIS,  which 
sets  immigration  policies  and 
rules  on  visa  and  naturaliza¬ 
tion  petitions,  said  the  visas 
will  be  granted  only  to  for¬ 
eigners  who  have  at  least  a 
master’s-level  degree  from  a 
U.S.  academic  institution. 

That  reverses  the  immigra¬ 
tion  service’s  initial  position 
on  who  would  be  eligible.  The 
agency  had  said  in  March  that 


it  was  considering  opening  the 
extra  H-1B  slots  to  any  quali¬ 
fied  foreign  national  —  not 
just  those  holding  advanced 
degrees  from  U.S.  universities. 

But  the  agency’s  earlier 
stance  was  contrary  to  the  in¬ 
tent  of  the  eligibility  language 
that  Congress  inserted  last  fall 
in  the  legislation  that  created 
the  20,000  additional  visas,  ac¬ 
cording  to  Sandra  Boyd,  who 
heads  Compete  America,  a 
Washington-based  lobbying 
group  that  represents  more 
than  200  corporations  and 
universities.  The  group  backs 
the  H-1B  program  as  a  means 
of  ensuring  that  U.S.  business¬ 
es  can  hire  skilled  profession¬ 
als  from  other  countries. 

Interpreting  Language 

Boyd,  who  is  also  vice  presi¬ 
dent  of  human  resources  poli¬ 
cy  at  the  National  Association 
of  Manufacturers,  said  the 
USCIS  made  the  “right  inter¬ 
pretation”  of  the  H-1B  Visa 
Reform  Act  in  the  regulations 
that  will  be  published  in  the 


things  that  could  be  done,  but 
I  have  no  solution  for  how 
we’re  going  to  throttle  this  in 
some  way. 

A  lot  of  people  say  the  education 
system  in  the  U.S.  is  failing  to  pro¬ 
vide  qualified  IT  workers.  Do  you 
disagree?  That’s  bunk.  Why  do 
you  have  declining  computer 
science  majors?  Because  every 
parent  is  saying,  “Why  major 
in  computer  science  when  all 
the  jobs  are  going  offshore?” 

It  feeds  itself. 

And  I  guarantee  you,  if 
it  doesn’t  stop,  in  a  couple 
years,  you’re  not  going  to  have 
much  of  an  IT  industry  here. 
©  54191 
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Federal  Register  this  week. 

She  added  that  the  agency’s 
apparent  indecision  over  how 
to  handle  the  visa  allocation 
process  created  uncertainties 
for  employers  as  well  as  pro¬ 
spective  visa  holders. 

“There  was  a  lot  of  confu¬ 
sion  about  whether  people 
would  be  offered  jobs,”  Boyd 
said.  “It  made  it  impossible  to 
plan,  and  it  all  seemed  pretty 
unnecessary.” 

Christopher  Bentley,  a 
spokesman  for  the  USCIS, 
said  that  as  the  agency  contin¬ 
ued  its  review  of  the  new  law, 
“we  came  to  the  realization 
that  this  was  not  the  intent  of 
Congress”  to  allow  workers 
without  an  advanced  degree  to 
get  the  added  visas. 

Congress  approved  the  ad¬ 
ditional  visas  after  IT  vendors 
and  other  H-1B  supporters 
complained  that  the  65,000- 
visa  cap  in  place  for  the  gov¬ 
ernment’s  current  fiscal  year 
was  too  low  to  meet  demand. 
All  of  the  visas  available  under 
the  cap  were  taken  by  last  Oct. 
1,  the  first  day  of  fiscal  2005. 
The  USCIS  said  last  week  that 
the  extra  visas  will  also  be 
available  in  future  fiscal  years 
and  will  be  exempt  from  the 
regular  cap.  ©  54224 
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IBM  Details  Its  Plans  for  Ascential 


Users  hope  for 
smooth  integration 


BY  HEATHER  HAVENSTEIN 

WESTBORO.  MASS. 

IBM  last  week  detailed  plans 
for  folding  Ascential  Software 
Corp.’s  integration  and  data- 
cleansing  technology  into  its 
information  management  of¬ 
ferings.  IBM  closed  its  $1.1  bil¬ 
lion  acquisition  of  Ascential 
late  last  month. 

At  a  press  event  here  last 
week,  IBM  unveiled  the  Web¬ 
Sphere  Data  Integration  Suite, 
which  is  based  on  an  integra¬ 
tion  platform  code-named 
Hawk  that  had  been  under 
development  at  Ascential. 

Over  the  long  term,  IBM 
plans  to  use  the  Ascential  tech¬ 
nology,  along  with  its  own,  to 
help  users  access  data  that  has 
been  mostly  inaccessible  be¬ 
cause  it  was  created  as  part 
of  technology  silos,  said  Janet 
Pema,  IBM’s  general  manager 
of  information  management. 

The  Ascential  technology 
can  “open  up  this  integration 
environment  to  end  users . . . 
to  be  able  to  more  easily  ac¬ 
cess  the  information  they 
need,”  she  said. 

Such  tools  are  important  for 
companies  as  they  consolidate 
information  and  processes 
from  applications,  said  Judith 
Hurwitz,  president  of  Hurwitz 
&  Associates,  an  IT  research 
firm  in  Waltham,  Mass. 

Klaus  Mikkelsen,  global  de¬ 
velopment  leader  at  Ascential 
user  Owens  Corning,  a  Tole¬ 
do,  Ohio-based  manufacturer 
of  building  materials,  said  he 
is  hopeful  that  the  IBM  plan 
can  help  his  company. 

“The  transition  plan  . . . 
seems  to  be  the  right  thing  to 
focus  on,  but  I  would  be  con¬ 
cerned  that  the  integration 
efforts  under  way  will  limit 
near-term  product  develop¬ 
ment  and  enhancements,” 
Mikkelsen  said. 

Owens  Corning  uses  inte¬ 
gration  technology  from  As¬ 
cential  combined  with  busi¬ 
ness  intelligence  software  to 
generate  daily  gross  margins 
from  multiple  ERP  systems. 


The  WebSphere  Data  Inte¬ 
gration  Suite,  expected  to  ship 
to  beta  users  within  six  weeks, 
will  offer  a  new  user  interface 
and  new  metadata  profiling 
capabilities.  The  suite  will  be 
generally  available  this  fall. 

John  Jaye,  first  vice  presi¬ 
dent  at  ABN  Amro  Holding 
NV,  a  financial  services  firm 
in  Amsterdam,  said  that  he  is 
pleased  that  IBM  preserved 
the  Hawk  product.  ABN  uses 
DataStage  TX  to  integrate 
with  its  customers  and  partner 
banks  to  support  global  pay¬ 
ment  transactional  processing. 

“The  high-level  road  map 
seems  solid,”  Jaye  said,  adding 
that  IBM’s  plans  to  use  Ascen¬ 
tial  technology  to  help  it  inte¬ 
grate  some  of  its  other  soft¬ 
ware  products  could  benefit 
his  company.  ABN  Amro  uses 
WebSphere  Application  Serv¬ 
er  and  IBM  MQSeries.  Jaye 


Some  users  praise 
upgrade;  others 
won’t  consider  it 

BY  CAROL  SLIWA 

j 

Apple  Computer  Inc.  hopes  its 
new  Tiger  operating  system 
will  help  the  company  crack 
open  the  enterprise  server 
market,  where  its  Xserve  line 
lags  behind  Windows,  Linux 
and  other  Unix  offerings. 

But  analysts  said  it’s  unclear 
if  the  10.4  version  of  Mac  OS  X 
Server,  which  has  built-in  sup¬ 
port  for  more  than  100  open- 
source  software  technologies, 
will  propel  Apple  beyond  its 
traditional  user  base.  That  con¬ 
sists  of  academic  and  scientific 
institutions  attracted  by  the 
powerful  processing  capabili¬ 
ties  of  Apple’s  systems,  as  well 
as  publishing  companies  and 
others  lured  by  its  graphics 
and  multimedia  technology. 

“They  have  a  challenging  en¬ 
vironment,”  said  IDC  analyst 
Al  Gillen.  Apple’s  technology 
gives  it  an  advantage  in  certain 


called  on  IBM  to  provide  more 
details  on  how  it  will  dovetail 
the  product  lines. 

Kris  Williams,  program 
manager  of  electronic  com¬ 
merce  at  Skyworks  Solutions 
Inc.,  a  Woburn,  Mass.-based 
semiconductor  company,  also 
said  he  is  encouraged  that 
IBM  will  continue  to  follow 
Ascential’s  plans  for  the  Hawk 


markets,  Gillen  said.  But,  he 
added,  “overall,  the  Unix  mar¬ 
ket  isn’t  growing.  The  only  way 
to  grow  is  to  take  market  share 
from  one  of  your  competitors.” 

No  Plans  to  Change 

Fourteen  of  16  IT  managers 
who  responded  to  a  random 
Computerworld  e-mail  poll 
last  week  said  they  have  no 
plans  to  consider  Tiger,  either 
because  they  aren’t  familiar 
with  it,  they  see  no  need  to 
change  their  existing  technol¬ 
ogy  environments  or  they’re 
trying  to  consolidate  the  vari¬ 
ous  servers  they  now  support. 

For  example,  Stan  Johnson, 
a  desktop  and  LAN  services 
manager  for  the  Multnomah 
County  government  in  Port¬ 
land,  Ore.,  said  the  county’s  IT 
department  has  settled  on 
Windows  and  Solaris  servers 
and  has  no  plans  to  evaluate 
other  technologies. 

Sales  of  Apple’s  Xserve 
systems  are  strongest  in  the 
$3,000-to-$5,999  price  range  of 
the  Unix/RISC  server  market, 


platform.  Skyworks,  formerly 
Alpha  Industries,  used  Ascen- 
tial’s  DataStage  TX  to  help 
integrate  its  e-commerce  sys¬ 
tems  with  those  from  Conex¬ 
ant  when  the  companies 
merged  in  2002. 

Williams  also  said  that  he 
would  like  to  see  IBM  expand 
the  integration  between  Data¬ 
Stage  and  IBM  products. 

“We’d  like  to  see  . . .  integra¬ 
tion  between  products  like 
Domino,  Lotus  Notes  and 


according  to  Jean  Bozman,  an¬ 
other  analyst  at  Framingham, 
Mass.-based  IDC.  In  that  cate¬ 
gory,  Apple  servers  accounted 
for  20%  of  worldwide  factory 
revenue  and  21%  of  unit  ship¬ 
ments  last  year,  Bozman  said. 
But  looking  at  Unix/RISC 
servers  priced  at  $25,000  or 
below,  Apple  had  less  than  5% 
of  revenue  and  less  than  10% 
of  unit  shipments,  she  said. 

Florida  Community  College 
at  Jacksonville  uses  two  dozen 
Apple  servers  for  video  stag¬ 
ing,  archiving  and  developing 
multimedia  applications,  said 
CIO  Rob  Rennie.  The  servers 


Apple’s  Tiger 
Server  OS 

New  features  include:  '>'»  •' 

■  Support  for  64-bit  apps 

■  iChat  Server  for  secure 
instant  messaging 

■  Weblog  Server  for  publishing 
online  journals 

■  Software  Update  Server 

■  Adaptive  junk-mail  filtering 
and  virus  detection 

■  Xgrid  distributed  computing 
architecture 


DataStage,”  he  said. 

Perna  said  the  IBM  plan 
also  calls  for  building  a  single 
repository  architecture  — 
including  metadata  discovery, 
exchange  and  management  — 
that  will  incorporate  existing 
IBM  products  and  a  set  of 
tools  that  are  based  on  Eclipse 
for  WebSphere  Business  Inte¬ 
gration  and  DataStage  TX. 

The  company  didn’t  provide 
specific  dates  for  the  future 
additions.  ©  54230 


have  been  “rock  solid”  and  re¬ 
liable,  and  the  college  will  up¬ 
grade  to  Tiger  as  soon  as  it 
can,  he  said. 

Apple  servers  gain  entry  to 
many  companies  by  way  of  the 
desktop.  For  instance,  the  art 
department  at  Weather  Cen¬ 
tral  Inc.’s  newspaper  group 
uses  Macintosh  systems,  so 
adding  Apple  servers  was  a 
natural  step,  said  Chuck 
Sholdt,  vice  president  of 
weather  services  at  the  Madi¬ 
son,  Wis.-based  weather 
graphics  supplier. 

Sholdt  said  his  group  in¬ 
stalled  its  first  Apple  server 
software  about  12  years  ago 
and  now  uses  two  Xserve  sys¬ 
tems.  “OS  X  has  matured,  and 
we  just  keep  smiling  every’ 
time  a  new  upgrade  comes 
out,”  he  said. 

But  Macintosh  usage  does 
not  always  translate  to  adop¬ 
tion  of  Apple  servers.  About 
30%  of  the  end  users  at  JWT, 
an  advertising  agency  in  New 
York,  run  Macintosh  desktops, 
said  Steve  Bumba,  JWTs 
worldwide  systems  director. 
But  Windows  is  the  official 
server  platform,  and  Apple 
servers  turn  up  only  in  isolated 
workgroups,  he  said.  ©  54247 


IBM  Information  Integration  Road  Map 


CURRENT  INTEGRATION 
CAPABILITIES 

■Ascential  transformation  library 
accessible  from  WebSphere  Infor¬ 
mation  Integrator  and  WebSphere 
Business  Integration. 

■  Unified  service-oriented  archi¬ 
tecture  across  WebSphere 
Information  Integration,  Web¬ 
Sphere  Business  Integration 


and  Ascential  technology. 

■  Metadata  exchange  with  Ascential 
MetaBroker  for  DB2  cube  views. 

SHORT-TERM 
INTEGRATION  PRIORITIES 

■  Release  next-generation  Ascential 
Hawk  this  year. 

■  Enhance  linkage  between 
Ascential  DataStage  TX  and 


WBI  Message  Broker. 

LONG-TERM 
INTEGRATION  PLANS 

■  Converged  set  of  tools  based 

on  Eclipse. _ _ 

■  Integrated  metadata  discovery, 
exchange  and  management. 

■  Connectors  that  can  be  used 
across  WebSphere  and  Ascential 
technology. 


Apple  Looks  to  Tiger  for 
Increased  Server  Sales 
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EDS  Earns  Profit  on 
5%  Sales  Decline 


Electronic  Data  Systems  Corp. 
reported  a  first-quarter  profit, 
compared  with  a  year-earlier  loss, 
despite  a  5%  sales  decline.  The 
results  included  the  expensing  of 
stock  options,  which  started  on 
Jan.  1. 


EDS  BY  THE  NUMBERS 


REVENUE  PROFIT 


Q1’05 

$4,946 

KUSH 

Q1’04 

S5.2B 

(S12M) 

Cerner  Buys  French 
Technology  Firm 

Cerner  Corp.  has  acquired  Axya 
Systemes,  a  Paris-based  health 
care  IT  company  that  specializes 
in  financial,  administrative  and 
clinical  solutions  for  hospitals. 
Terms  of  the  deal  weren’t  dis¬ 
closed.  The  acquired  company’s 
new  name  is  Cerner  France. 
Anne-Veronique  Dufresnoy  and 
David  Kalfon,  founders  of  private¬ 
ly  held  Axya,  will  remain  with 
the  firm. 


Microsoft  R&D  Aims 
At  Small  Vendors 

Microsoft  Corp.  will  give  small 
companies  access  to  a  library  of 
technologies  developed  by  its  re¬ 
search  and  development  teams. 
Under  the  new  Microsoft  IP  Ven¬ 
tures  program,  small  firms  can 
license  technologies  to  ease  the 
development  of  products  and  ser¬ 
vices.  In  return,  Microsoft  is  ask¬ 
ing  for  royalty  payments  or  a 
stake  in  the  user  company. 


SANS  Lists  Top  20 
Internet  Raws 

The  SANS  Institute  has  published 
its  latest  list  of  the  top  20  critical 
Internet  security  vulnerabilities, 
which  it  says  companies  should 
patch  immediately.  The  list  for  the 
first  quarter  of  2005  is  dominated 
by  Microsoft  software  but  includes 
problems  with  products  from  Ora¬ 
cle  Corp.,  Computer  Associates  In¬ 
ternational  Inc.,  Real  Networks 
Inc.  and  some  antivirus  vendors. 
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Intel  Updates 
Moore  s  Law . . . 


...  by  using  dual-core  CPUs  to  double  the  transistors  on  a 
chip.  Forty  years  ago  last  month,  Gordon  Moore,  now 
Intel  Corp.’s  chairman  emeritus,  unveiled  his  “law” 
that  the  number  of  transistors  on  silicon  chips  will 
double  every  18  to  24  months.  And  so  they  have.  The 


current  version  of 
Intel’s  Itanium  2  proc¬ 
essor  houses  410  mil¬ 
lion  transistors,  al¬ 
most  double  the  220 
million  in  its  prede¬ 
cessor.  The  future 
holds  something 
slightly  different: 
multicore  chips  that  at  least 
double  the  transistor  count, 
but  in  two  or  more  CPUs  built 
as  one  package.  Intel  plans  to 
use  dual-core  technology  in 
all  of  its  product  lines.  For  ex¬ 
ample,  Stephen  Smith,  vice 
president  and  director  of 
desktop  platforms  at  Intel, 
says  the  first  dual-core  Itani¬ 
um  processor,  code-named 
Montecito,  is  on  track  to  start 
shipping  later  this  year  from 
the  company’s  fabrication 
plants  and  should  appear  in 
servers  from  Dell  Inc.,  Hew¬ 
lett-Packard  Co.  and  others  in 
early  2006.  A  dual-core  Xeon 
chip  is  also  due  next  year.  By 
the  end  of  2006,  80%  of  new 
servers  will  be  dual-core  sys¬ 
tems,  Smith  estimates.  Appli¬ 
cations  that  have  been  specif¬ 
ically  written  for  parallel  pro- 


1.7B 

Transistors  on 
Intel’s  dual¬ 
core  Montecito 
processor. 


cessing  systems  — 
or  that  are  “thread- 
aware,”  as  he  puts  it 
—  should  run  dramati¬ 
cally  faster  on  dual¬ 
core  chips.  Smith 
points  to  studies 
showing  that  the  hu¬ 
man  mind  has  an  at¬ 
tention  span  of  one-half  sec¬ 
ond  before  wanting  to  move 
on  to  the  next  stimulus  — 
hence,  Intel’s  constant  striv¬ 
ing  to  ensure  that  our  bore¬ 
dom  is  minimized  with  ever 
swifter  computers. 

Service  providers 
make  mobile . . . 

. . .  mail  a  better  option.  This 
week,  Rogers  Wireless  Inc.,  a 
subsidiary  of  Toronto-based 
Rogers  Communications  Inc., 
will  unveil  a  mobile  e-mail 
service  based  on  technology 
from  Visto  Corp.  in  Redwood 
Shores,  Calif.  According  to 
Suzanne  Panopolis,  Visto’s  di¬ 
rector  of  marketing,  the  com- 
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Year  Gartner  says  all 
smart  devices  will 
have  mobile  e-mail. 


pany’s  Con- 
stantSync 
software  lets 
mobile  users 
synchronize 
their  corpo¬ 
rate  e-mail 
systems 
with  the 
mail  sent  to 
their  hand¬ 
held  gadgets 
—  and  vice  versa.  Panopolis 
says  Visto’s  technology  is  de¬ 
vice-agnostic  and  gives  IT 
managers  more  flexibility  in 
outfitting  mobile  workers 
who  need  e-mail  with  less- 
expensive  handhelds  that  are 
more  appropriate  to  the  task. 
Panopolis  claims  that  through 
the  Rogers  deal  and  a  similar 
one  with  London-based 
Vodafone  Group  PLC’s  wire¬ 
less  division,  her  company 
will  have  500,000  subscribers 
to  the  Visto  mail-synchroniz¬ 
ing  service  by  midyear. 


Data,  data,  data,  data 
and,  yes,  even . . . 

. . .  more  data.  Kerry  Gilger, 
CEO  of  FYI  Corp.  in  Mel¬ 
bourne,  Fla.,  claims  that  his 
company  has  come  up  with 
a  way  to  address  the  over¬ 
whelming  deluge  of  informa¬ 
tion  end  users  must  navigate: 
KEGS.  No,  it  doesn’t  involve 
swilling  beer  while  studying 
spreadsheets  or  gazing  at 
PowerPoint  presentations. 
KEGS  is  FYI’s  shorthand  for 
“knowledge-enhanced  graph¬ 
ical  symbol,”  which  it  de¬ 
scribes  as  a  visual  element 
that  can  help  end  users 
immediately  grasp  complex, 
data-drenched  conditions  — 
everything  from  a  patient’s 
medical  state  to  the  real-time 
health  of  a  global  sales  orga¬ 
nization.  The  company’s  FYI 
Visual  2.0  software  ships  with 
dozens  of  templates  designed 
for  specific  business  func¬ 
tions,  such  as  help  desk  and 
manufacturing  operations.  A 
color-coded  KEGS  indicates 
whether  a  given  parameter  is 
above,  below  or  within  ex¬ 


pectations.  A  quick  glance 
can  give  an  executive  a  situa¬ 
tional  view  that  he  can  then 
drill  into  for  more  details. 

FYI  Visual  also  includes 
adapters  that  work  with  most 
of  the  major  packaged  enter¬ 
prise  applications.  Version 
2.5,  which  is  due  later  this 
quarter,  adds  geographical  in¬ 
formation  system  data  to  the 
visual  displays.  Pricing  starts 
at  under  $100,000. 

If  it’s  on  your 
network,  do  you . . . 

. . .  know  where  or  what  it  is? 

And  do  you  know  whether 
you  even  need  it?  Glenn 
Wienkoop  is  betting  you’re 
probably  clueless.  He’s  the 
president  of  Mountain  View, 
Calif. -based  BDNA  Corp., 
which  this  month  will  begin 
spending  $12.5  million  of  ven¬ 
ture  capital  to  convince  IT  ex¬ 
ecutives  that  they  need  even 
more  data  about  their  opera¬ 
tions.  (If  you  think  you’re  al¬ 
ready  deep  in  information 
overload,  see  item  above.) 

Wienkoop 
says  lots  of  IT 
shops  have 
far  too  many 
licenses  for 
their  software 
and  probably 
have  numer¬ 
ous  devices 
on  their  net¬ 
works  that 
they  know  nothing  about. 

With  BDNA’s  iGovem  asset 
management  tools,  you  get 
more  than  10,000  “finger¬ 
prints”  of  potential  hardware 
and  software  running  on  your 
network,  he  says.  Oh  sure, 
most  asset  discovery  packages 
can  locate  an  Oracle  database 
on  a  Sun  server.  But  iGovem  - 
can  even  find  Xboxes  and  CT 
scanners,  Wienkoop  says.  It 
lets  you  know  whether  you’ve 
paid  for  too  many  licenses  for 
each  application  on  your  net¬ 
work  —  or  maybe  for  too  few. 
Pricing  is  based  on  the  num¬ 
ber  of  IT  assets  that  are  being 
tracked.  ©  54206 
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Mr.  50,000  Global 
Remote  and  Mobile 
Users  Connected 
Without  a  VPN. 


'At  Nissan,  we  expect  to  save  at  least  $135  million 
annually  thanks  to  the  efficiencies  that  Windows 
Server  2003  and  Exchange  Server  2003  are 
helping  us  achieve." 

Toshihiko  Suda 

Senior  Manager.  Nissan  Motor  Company,  Ltd* 


MM 
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Make  a  name  for  yourself  with  Windows  Server  System.  An  upgrade  to  Microsoft  '  Windows  Server  System"" 
made  it  possible  for  50,000  worldwide  employees  at  Nissan  Motor  Company  to  have  more  secure 
remote  access  to  their  e-mail  and  calendars  from  any  Internet  connection,  without  the  hassle  and 
expense  of  a  VPN.  Here's  how:  By  deploying  Windows  Server™  2003  and  Exchange  2003,  not  only  did 
Nissan  IT  meet  the  CEO's  demand  for  better  global  collaboration,  they  expect  to  save  at  least  $135 
million  by  streamlining  their  messaging  infrastructure.  To  get  the  full  Nissan  story  or  find  a  Microsoft 
Certified  Partner,  go  to  microsoft.com/wssystem 
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Aussie  State  to  Ban 
E-mail  Surveillance 

SYDNEY,  AUSTRALIA 

he  parliament  of  New  South 
Wales,  Australia’s  most  populous 
state,  is  expected  to  pass  legisla¬ 
tion  this  week  that  bans  employers 
from  secretly  monitoring  the  e-mail  of 
workers  unless  there  is  a  court  order 
or  suspicion  of  wrongdoing. 

Violations  of  the  Workplace  Surveil¬ 
lance  Bill,  which  also  covers  the  use  of 
video  cameras  and  tracking  devices, 
would  be  a  criminal  offense  punishable 
by  a  fine  of  up  to  5,500  Australian  dol¬ 
lars  ($4,278  U.S.)  for  each  person  in¬ 
volved  in  covert  surveillance. 

The  bill  was  introduced  last  week  by 
the  state  government’s  executive 
branch.  “We  don’t  tolerate  employers 
unlawfully  placing  cam¬ 
eras  in  change  rooms  and 
toilets,”  said  New  South 
Wales  Attorney  General 
Bob  Debus.  “Likewise, 
we  should  not  tolerate 
unscrupulous  employers 
snooping  into  the  private 
e-mails  of  workers.” 

He  said  the  bill  strikes 
a  balance  between  an 
employee’s  right  to  priva¬ 


cy  and  the  legitimate  needs  of  employ¬ 
ers  to  protect  their  intellectual  and 
commercial  property. 

“Unless  employers  have  a  court  or¬ 
der,  they  would  need  to  give  employ¬ 
ees  notice  that  surveillance  will  be 
conducted,”  Debus  said. 

■  SANDRA  ROSSI,  C0MPUTERW0RLD 
TODAY  (AUSTRALIA) 


UBS  Completes  Big 
Mainframe  Migration 

Zurich-based  financial  services 
firm  UBS  AG  announced  late  last 
month  that  it  has  completed  the 
migration  of  its  integrated  banking  ap¬ 
plications  from  Unisys  Corp.’s  OS  2200 
mainframe  technology  to  IBM’s  z/OS- 
based  hardware  in  just  12  months. 

The  applications,  which  touch  every 
function  critical  to  the 
bank’s  daily  operations, 
had  to  be  moved  without 
causing  a  hiccup  in  cus¬ 
tomer  service,  UBS  said 
in  a  statement. 

The  ambitious  under¬ 
taking  —  so  important 
that  it  was  supervised  by 
UBS  Managing  Director 
Hansbeat  Loacker  —  in¬ 
volved  migrating  about 


2,000  online  programs,  5,000  batch 
programs,  3,000  database  objects, 
10,000  data  records  and  over  300,000 
program  tasks. 

Technical  assistance  was  provided 
by  HAL  Knowledge  Solutions  SpA,  a 
developer  of  application  portfolio 
management  tools  in  Milan,  Italy.  The 
vendor’s  technology  made  it  possible 
for  98%  of  the  program  migration  to  be 
done  via  automated  tools,  UBS  said. 


Public  Alert  System 
About  to  Go  Global 

E quant  nv,  an  international  net¬ 
work  services  provider  based  in 
Amsterdam,  last  week  said  it  was 
selected  by  Unified  Messaging  Sys¬ 
tems  AS  (UMS)  in  Oslo  to  host  and 
manage  a  global  alert  system  that  lets 
governments  and  businesses  send  a 
single  emergency  message  to  a  mass 
audience. 

For  example,  in  a  public  emergency 
requiring  evacuations,  customers  such 
as  the  Red  Cross,  utilities,  and  fire  and 
police  departments  could  send  a  voice 
message  or  short  text  message  to  thou¬ 
sands  of  people  in  a  selected  geograph¬ 
ic  area.  Message  recipients  could  then 
call  Equant’s  international  contact  cen¬ 
ter  to  get  more  information. 

The  Equant  deal  will  allow  UMS  to 
offer  its  alert  service  outside  of  Scandi¬ 
navia.  ©  54205 
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GLOBAL  FACT 


Predicted  growth  rate 
for  IT  spending  in 
Japan  this  year. 

SOURCE:  IDC. 
FRAMINGHAM.  MASS. 


Briefly  Noted 

Metro  A6,  a  Dusseldorf,  Germany- 
based  retailer,  and  Intermec  Tech¬ 
nologies  Corp.  last  week  announced 
the  first  public  demonstration  of 
Generation  2  radio  frequency  iden¬ 
tification  tags  and  readers  at  an 
RFID  conference  in  Paris.  Metro  ex¬ 
pects  more  than  100  of  its  suppliers 
to  migrate  to  the  new,  standardized 
Gen  2  RFID  technology  for  asset 
tracking  and  inventory  control  by 
the  end  of  this  year. 


BT  Group  PLC  in  London  last  week 
announced  a  multiyear  contract  to 
provide  global  communications  ser¬ 
vices  to  Jacobs  Engineering  Group 
Inc.,  a  $4.6  billion  company  in 
Pasadena,  Calif.  The  deal  covers 
LANs,  WANs  and  remote  access  at 
Jacobs  operations  in  30  countries. 
Financial  terms  weren’t  disclosed. 


Thrifty  Car  Rental,  a  unit  of  Dollar 
Thrifty  Automotive  Group  Inc.  in 
Tulsa,  Okla.,  last  week  said  it  has 
finished  translating  its  Thrifty.com 
Web  site  into  French,  German  and 
Spanish  using  the  translation  ser¬ 
vices  and  global  content  manage¬ 
ment  system  of  New  York-based 
Translations.com  Inc. 


IT’s  Transformative  Era 
Eludes  Most  Companies 


Mundane  issues 
are  still  holding 
back  progress 

BY  THOMAS  HOFFMAN 

CAMBRIDGE.  MASS. 

Wrenching  changes  to  the  way 
companies  can  operate  global¬ 
ly,  combined  with  massive  in¬ 
vestments  in  fiber  optics  and 
other  technologies,  have  paved 
the  way  for  a  truly  transforma¬ 
tional  period  in  IT,  contends  F. 
Warren  McFarlan,  a  professor 
at  Harvard  Business  School. 

But  while  some  leading 
companies  are  able  to  leverage 
the  new  business  opportuni¬ 
ties  that  are  now  opening  up 
under  a  shifting  global  econo¬ 
my,  most  IT  organizations 


continue  to  be  hampered  by 
day-to-day  system  repairs, 
compliance  demands  and  oth¬ 
er  mundane  requirements, 
said  panelists  and  attendees  at 
Cutter  Consortium’s  Summit 
2005  conference  here  last 
week.  “Of  the  nearly  50  years 
I’ve  been  in  IT,  2005  is  proba¬ 
bly  the  most  exciting,  trans¬ 
forming  time  for  business  ap¬ 
plications,”  said  McFarlan. 

He  noted  that  the  emer¬ 
gence  of  global  business  proc¬ 
ess  outsourcing  —  where 
companies  can  transfer  entire 
functions  such  as  accounting 
and  human  resources  to  third- 
party  companies  on  the  other 
side  of  the  world  —  has  led  to 
“the  death  of  distance.” 

Such  developments,  along 


with  the  massive  changes  in  IT- 
enabled  business  activities  that 
have  been  made  possible  by 
the  World  Wide  Web  and  other 
breakthrough  technologies,  re¬ 
flect  how  the  industry  is  mov¬ 
ing  from  the  “cow  path”  creat¬ 
ed  over  the  first  40  years  of  IT 
to  a  more  transformational  en¬ 
vironment,  McFarlan  said. 

Stupid  IT  Tricks 

However,  other  speakers  who 
joined  McFarlan  in  a  panel  dis¬ 
cussion  at  the  conference  said 
those  opportunities  won’t 
come  easily  for  most  compa¬ 
nies.  “As  transforming  as  the 
technology  can  be,  it’s  not  pre¬ 
venting  our  clients  from  doing 
stupid  stuff”  with  IT,  said  Tom 
Bugnitz,  a  consultant  with  Ar¬ 
lington,  Mass.-based  Cutter 
and  president  of  The  Beta 
Group  in  St.  Louis. 

Another  problem  is  that 
some  organizations  want  to 


outsource  nonstrategic  opera¬ 
tions  that  may  be  in  disarray, 
said  Lou  Mazzucchelli,  a  Cut¬ 
ter  consultant  and  a  venture 
partner  at  Ridgewood  Capital 
Management  LLC  in  Ridge¬ 
wood,  N.J.  Badly  functioning 
systems  or  business  processes 
can’t  be  fixed  simply  by  out¬ 
sourcing  them,  he  said. 

Still,  Mazzucchelli  agreed 
with  McFarlan  that  the  corpo¬ 
rate  community  may  be  enter¬ 
ing  the  “mastery  phase”  of  ex¬ 
ecuting  on  the  IT  groundwork 
that  has  been  laid  over  the 
past  40  years. 

In  the  health  care  industry,  a 
majority  of  IT  projects  fail  be¬ 
cause  they’re  poorly  aligned 
with  business  strategies,  said 
John  Halamka,  CIO  at  Harvard 
Medical  School  and  Care- 
Group  Inc.  Halamka  advocated 
“wrapping”  legacy  applications 
with  middleware  to  help  drive 
new  business  functionality  and 


then  replacing  systems  “when 
you  have  the  luxury  of  time.” 

An  employee  of  a  telecom¬ 
munications  company  who 
asked  not  to  be  identified 
complained  that  the  need  to 
comply  with  the  Sarbanes- 
Oxley  Act  has  led  to  addition¬ 
al  checklists  and  sign-offs 
that  are  slowing  down  IT  proj¬ 
ects  and  frustrating  business 
sponsors. 

McFarlan  acknowledged  the 
challenges  to  organizational 
transformation  that  were  cited 
by  the  conference  attendees. 
Still,  he  contended  that  the 
“technology  friendliness”  of  a  - 
company’s  CEO  “goes  a  long 
way  toward  achieving  these 
types  of  things.”  ©  54201 


ITS  ALL  POLITICAL 

Political  savvy  helps  IT  execs  advance  their 
own  causes  -  and  those  of  their  companies: 
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Xerox  color  multifunction  systems  can  take  all  the  things  you  do 
in  the  office  in  color  and  set  them  off,  all  from  one  launching  pad. 

Xerox  Color.  It  makes  business  sense. 


Xerox  color  is  a  blast.  And  Xerox  color  multifunction 
systems  are  here  to  bring  remarkable  power  to 
everyone  in  your  office.  By  putting  color  into  one 
system  that  prints,  copies,  scans,  faxes  and  e-mails,  you 
get  color  that’s  truly  productive.  And  by  also 
providing  those  functions  in  black  and  white,  you’ll 


Xerox  color  printers 
&  multifunction  systems 


meet  all  your  document  needs  from  one  convenient 
place.  Better  yet,  the  cost  effectiveness  is  spectacular. 
Xerox  color  expertise  is  already  at  work  in  thousands  of 
companies,  helping  offices  everywhere  reach  new 
levels  of  productivity.  Put  it  to  work  in  your  office, 
and  see  how  easily  it  can  expand  your  horizons. 

XEROX. 


xerox.com/color  |  Technology  |  Document  Management  |  Consulting  Services  j 
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Health  Records 


up,  maintenance  and  training 
for  the  patient-charting  and 
medication-prescribing  soft¬ 
ware  for  a  monthly  fee.  Mor¬ 
gan  Haugh  plans  to  purchase 
additional  software  licenses 
from  McKesson  as  it  adds 
clients,  Paul  said. 

While  software  and  hard¬ 
ware  costs  for  smaller  prac¬ 
tices  could  total  hundreds  of 
thousands  of  dollars,  Paul’s 
group  can  offer  EMR  services 
for  several  hundred  dollars 
per  month,  he  said. 

The  Harbin  Clinic  LLC,  a 
Rome,  Ga.-based  practice  with 
about  130  physicians,  plans  to 
begin  offering  hosted  access  to 
its  EMR  system  within  the 
next  two  months,  said  CIO 
Thomas  Fricks. 

The  practice  uses  an  EMR 
system  from  Chicago-based 
Allscripts  Healthcare  Solu¬ 
tions  Inc.,  which  will  license 


The  State  of  EMR 

The  Healthcare  Information  and 
Management  Systems  Society 
reported  the  following  findings 
from  a  recent  online  survey  of 
health  care  IT  executives: 

Almost  two-thirds  of  the 
respondents  said  EMRs  will  be 
their  most  important  applica¬ 
tion  in  the  next  two  years. 


About  18%  said  that  their 
organizations  have  a  fully  oper¬ 
ational  EMR  system  in  place. 


; 


42%  said  their  organizations 
are  installing  EMR  systems, 
while  22%  have  developed 
a  plan  to  deploy  EMR. 

■17%  said  their  organizations 
don’t  have  plans  to  deploy 
EMR  technology. 

BASE:  253  IT  executives  at  U.S.  health 
care  organizations  who  completed  a 
Web-based  questionnaire  between 
Dec.  6, 2004.  and  Jan.  26, 2005 


the  software  to  Harbin  at  a 
discount.  The  clinic  will  pro¬ 
vide  frame-relay  access  to  its 
practice  clients,  Fricks  said. 


Harbin  will  provide  first- 
and  second-level  support  for 
the  e-prescribing,  electronic 
tasking  and  lab  results  software 
with  its  20-member  IT  staff 
and  run  the  software  on  its 
servers.  The  practices  buying 
access  would  pay  for  the  indi¬ 
vidual  physician  licenses  they 
use,  communications  costs  to 
connect  with  Harbin,  and  hard¬ 
ware  such  as  laptops,  desktop 
PCs  or  tablet  PCs,  he  said. 

Fricks  wouldn’t  estimate  a 
cost  for  the  hosted  service  but 
said  it  would  be  “substantially 
less”  than  the  price  a  small 
practice  would  pay  to  move 
ahead  on  its  own. 

“It  makes  a  lot  of  sense  for 
us  to  get  close  to  that  referral 
base,  from  a  business  point  of 
view  and  from  a  patient  point 
of  view  to  share  information,” 
he  added. 

Allscripts  has  been  quietly 
working  to  advance  the 
concept  of  larger  practices 
sharing  its  software  with 
smaller  practices  for  the  past 


several  months,  Fricks  added. 

For  several  years,  William 
Davis,  an  independent  family 
practitioner  in  a  four-member 
practice  in  Winona,  Minn.,  has 
been  using  EMR  software  from 
Kansas  City,  Mo.-based  Cerner 
Corp.  that  is  run  by  an  area 
hospital.  The  hospital  gives 
Davis  access  to  the  software 
for  the  same  cost  he  would  pay 
monthly  for  an  individual  li¬ 
cense  and  handles  networking 
and  hardware  support.  Cerner 
employees  at  the  hospital  han¬ 
dle  software  problems. 

“If  we  have  software  issues, 
we  can  get  it  resolved  often 
within  minutes,  [and]  we 
haven’t  had  any  significant 
downtime,”  Davis  said. 

Exploring  New  Territory 

While  hospitals  commonly  of¬ 
fer  EMR  access  to  physician 
practices  they  own,  many  are 
now  offering  fee-based  access 
to  independent  physicians. 

North  Memorial  Health 
Care,  an  independent  hospital 


Continued  from  page  1 

Missing  Tapes 

held  the  40  data  tapes  was  lost 
on  March  22,  Time  Warner 
spokeswoman  Kathy  McKier- 
nan  said.  The  tapes  went  miss¬ 
ing  during  a  routine  shipment 
to  an  off-site  facility  by  records 
management  and  storage  firm 
Iron  Mountain  Inc.  McKiernan 
wouldn’t  provide  more  details. 

However,  McKiernan  did  say 
Time  Warner  is  trying  to  con¬ 
vince  officials  at  Boston-based 
Iron  Mountain  to  change  some 
of  their  handling  procedures. 
She  declined  to  expand  on  the 
status  of  those  discussions. 

The  $42  billion  New  York- 
based  media  giant  also  said 
it  has  provided  the  affected 
employees  with  resources  to 
monitor  their  credit  reports. 
The  lost  tapes  didn’t  include 
data  about  Time  Warner  cus¬ 
tomers,  the  company  said. 

Larry  Cockell,  Time  Warn¬ 
er’s  chief  security  officer, 
added  that  “we  are  working 
closely  and  aggressively  with 
law  enforcement  and  the  out¬ 
side  data-storage  firm  to  get  to 
the  bottom  of  this  matter.” 


Iron  Mountain  said  it  has 
had  four  incidents  of  tapes  go¬ 
ing  missing  this  year.  In  late 
April,  Ameritrade  Holding 
Corp.  in  Omaha  lost  a  data 
tape  with  the  names  of 
200,000  clients  [QuickLink 
53906].  At  the  time,  the  com¬ 
pany  wouldn’t  disclose  how 
the  tapes  were  lost,  but  in  an 
interview  last  week,  Ameri¬ 
trade  CIO  Asiff  Hirji  said  that 
the  tape  fell  off  a  conveyer 
belt  in  a  shipping  facility. 

Assuming  the  Worst 

Hirji,  who  wouldn’t  identify 
the  carrier,  said  that  for  “what¬ 
ever  reason,”  the  shipper  took 
“a  bunch”  of  tapes  out  of  its 
original  secure  box  and  placed 
them  into  another  box.  Some¬ 
time  after  that,  the  second  box 
was  damaged  on  the  conveyer 
belt,  and  four  tapes  fell  out. 

“We  found  three,”  he  said. 
“That  other  tape.  I’m  almost 
100%  sure,  is  somewhere  in 
that  facility  —  probably  in  the 
rubbish  bin.  Or  it  has  been  de¬ 
stroyed  in  their  lost  and  found. 
However,  we  can’t  take  that 
chance.  We  have  to  assume  it’s 
lost  and  has  gotten  into  nefari¬ 
ous  hands.  I’m  not  pointing 


fingers.  I’m  not  deflecting 
blame.  It’s  our  responsibility.” 

Like  Time  Warner,  Ameri¬ 
trade  is  taking  steps  to  protect 
the  confidentiality  of  clients 
whose  names  and/or  Social 


Lost  Data 

Some  of  the  major  data  thefts 
or  losses  this  year: 

FEBRUARY:  ChoicePoint 

discloses  that  hackers  accessed 
data  on  145,000  people. 

MARCH:  Retail  Ventures  Inc. 

reports  theft  of  credit  card  infor¬ 
mation  from  103  of  its  175  DSW 
Shoe  Warehouse  stores. 

MARCH:  Bank  of  America  admits 
losing  backup  tapes  with  credit 
card  data  on  1.2  million  customers, 
including  60  U.S.  senators. 

MARCH:  Reed  Elsevier  reveals 
hackers  stole  information  on  at 
least  32,000  people  from  Lexis- 
Nexis  databases . 

APRIL:  Ameritrade  Holding 

admits  losing  a  backup  tape 
containing  personal  information 
on  200,000  clients. 

MAY:  Time  Warner  says  it  lost 
40  backup  tapes  with  information 
on  about  600,000  workers. 


Security  numbers  were  on  the 
lost  tape.  For  example,  the 
company  has  stepped  up  mon¬ 
itoring  to  detect  whether  any 
identities  have  been  compro¬ 
mised.  So  far,  Hirji  said,  there 
has  been  no  evidence  of  com¬ 
promised  data. 

Hirji  said  Ameritrade  is  also 
looking  at  encrypting  data 
on  archive  tapes  and  using 
shipping  boxes  that  can’t  be 
opened  so  easily. 

Melissa  Burman,  director  of 
corporate  communications  at 
Iron  Mountain,  said  her  com¬ 
pany  has  stepped  up  training 
of  employees  in  the  handling 
of  sensitive  data  on  tapes. 

“We’re  doing  5  million  pick¬ 
ups  and  deliveries  a  year; 
that’s  a  huge  volume.  We  do 
have  incidents  from  time  to 
time,”  she  said.  “We  will  look 
at  every  opportunity  we  can  to 
make  incremental  improve¬ 
ments  in  our  process.” 

Moreover,  Burman  said, 
customers  need  to  encrypt 
private  information  on  their 
backup  tapes. 

Bart  Lazar,  a  privacy  and  in¬ 
tellectual  property  lawyer  and 
partner  at  the  law  firm  Seyfar- 
th  Shaw  LLP,  in  Chicago,  said 


in  Robbinsdale,  Minn.,  is  host¬ 
ing  a  meeting  in  two  weeks  to 
gauge  the  interest  of  about 
600  affiliated  physicians  in  ac¬ 
cessing  the  hospital’s  Epic  Sys¬ 
tems  Corp.  EMR  system 
through  a  hosted  model,  said 
Pat  Taffe,  the  hospital’s  CIO. 

“It  is  definitely  new  ground 
that  is  being  plowed  right  now 
with  affiliates,”  he  said. 

The  notion  of  smaller  prac¬ 
tices  outsourcing  EMR  soft¬ 
ware  from  larger  practices  and 
hospitals  may  be  one  of  the 
few  economically  feasible  op¬ 
tions  for  these  users  to  gain 
access  to  full-featured  EMR 
systems,  said  Mark  Leavitt, 
medical  director  of  the 
Healthcare  Information  and 
Management  Systems  Society. 

Still,  he  noted  that  they 
must  walk  a  fine  line  to  com¬ 
ply  with  federal  legislation 
that  prohibits  hospitals  from 
offering  doctors  incentives  — 
like  discounted  rates  —  to 
refer  patients  to  the  hospital. 
©  54233 


that  as  data-loss  incidents  pile 
up,  the  companies  found 
responsible  will  likely  face 
pressure  to  change  their  data- 
security  standards.  Most  of 
the  pressure,  he  noted,  won’t 
come  from  Congress  but  from 
insurance  companies  requir¬ 
ing  more  stringent  safeguards. 

Part  of  the  current  problem, 
Lazar  said,  is  that  companies 
don’t  have  proper  chain-of- 
custody  requirements  or  en¬ 
cryption  technology  in  place. 

“I’ve  dealt  with  many  of 
these  companies,  and  if  you 
ask  them  what  happens  with 
their  data . . .  they  can’t  chart 
it,”  he  said.  “Or  the  companies 
know  what  to  do,  and  they  just 
haven’t  committed  the  re¬ 
sources  to  do  it.” 

Lazar  said  data-loss  inci¬ 
dents  will  also  likely  spin- 
companies  to  turn  to  internal 
data-protection  schemes  in¬ 
stead  of  using  third-party  ser¬ 
vice  providers  or  external  data 
processors.  ©  54195 


MORE  ON  AMERITRADE 

Q&A:  Ameritrade  CIO  Asiff  Hirji  discusses 
the  Datek  merger  and  Ameritrade’s  use  of 
midrange  storage  equipment  and  open- 
source  technologies.  Page  41 
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DON  TENNANT 


Courting  Controversy 


WITHIN  MINUTES  after  my  Q&A 

with  Gerald  Cohen  was  posted 
on  our  Web  site  last  week  [Quick- 
Link  54143],  the  e-mails  started 
pouring  in.  The  founder  and  CEO 
of  business  intelligence  software  vendor  Information 
Builders  had  certainly  stirred  some  emotions  with 
his  comments  against  offshore  outsourcing  and  lift¬ 
ing  the  H-1B  visa  cap. 

“Congratulations  for 


letting  someone  tell  it  like 
it  is!  Gerald  Cohen  de¬ 
serves  a  medal,”  cheered 
one  reader.  “This  guy  is 
an  American  hero  for 
sticking  to  his  guns  and 
bucking  the  popular 
trends,”  gushed  another. 

A  third  had  quite  a  differ¬ 
ent  view:  “Mr.  Cohen  is 
not  only  wrong,  but  also 
foolish,”  he  grumbled. 

When  you  get  polar  op¬ 
posite  reactions  to  what  you’ve  said, 
you  know  you’ve  said  something 
worthwhile.  That  Cohen  is  worth  lis¬ 
tening  to  stems  from  the  simple  fact 
that  he  doesn’t  avoid  controversy.  In 
fact,  he  appears  to  relish  it. 

He  didn’t  seem  particularly 
thrilled  to  discuss  the  delay  of  his 
flagship  WebFocus  7  product  (it’s 
now  expected  to  ship  “a  month  or 
two”  late,  sometime  this  summer), 
but  other  than  that,  he  was  as  candid 
as  they  come.  Cohen  was  perfectly 
willing  to  chime  in,  for  example,  on 
the  recent  troubles  at  Siebel  Sys¬ 
tems.  (“It’s  an  unpleasant  company 
to  work  for. . . .  The  remarkable  thing 
about  Siebel  is  they  survived.”) 

Cohen’s  most  colorful  comments, 
by  far,  came  during  our  discussion  of 
the  offshore  outsourcing  and  H-1B  is¬ 
sues.  He  said  he  doesn’t  buy  the  argu¬ 
ment  about  outsourcing  to  India  as  a 
means  of  getting  a  foothold  in  that 
market.  (“What  are  you  selling  in 
India?  Zilch.”)  And  he  scoffed  at  Bill 
Gates’  recent  statements  about  there 
being  a  need  to  get  rid  of  the  H-1B 
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visa  cap.  (“He’s  full  of  it.”) 

I  love  a  good  sound 
bite  as  much  as  the  next 
interviewer,  but  what  I 
appreciated  even  more 
was  Cohen’s  candor  with 
respect  to  the  dilemma 
he  faces  over  what  he  has 
to  do  to  keep  his  own 
company  profitable.  As 
chairman  of  the  New 
York  Software  Industry 
Association,  Cohen  is 
obliged  to  champion  the 
cause  of  keeping  IT  jobs  in  the  U.S. 
—  he’s  clearly  an  advocate  for  re¬ 
stricting  H-1B  visas  and  for  avoiding 
offshore  outsourcing.  But  he  ac¬ 
knowledged  that  Information  Build¬ 
ers  sends  “the  routine  kind  of  quality 
assurance  work”  offshore.  “I  can  get 
things  done  cheaper  in  Moscow  than 


I  can  in  New  York  City,”  Cohen  said. 

Still,  he  didn’t  shy  away  from  the 
fact  that  “a  lot  of  these  jobs  that  go 
overseas  are  the  spawning  grounds 
for  future  jobs.”  QA  work  has  tradi¬ 
tionally  blazed  a  career  path  to  pro¬ 
gramming  and  ultimately  to  more 
advanced  software  design,  so  send¬ 
ing  it  offshore  damages  the  employ¬ 
ment  ecosystem.  “The  whole  indus¬ 
try’s  going  to  move  offshore,”  Cohen 
lamented. 

So,  what’s  the  answer?  Cohen 
doesn’t  pretend  to  have  it.  “I  have 
no  solution  for  how  we’re  going  to 
throttle  this  in  some  way,”  he  said, 

But  you  know  what?  At  least  he’s 
willing  to  talk  about  it,  and  to  do  so 
with  candor  and  humility.  I  don’t 
know  that  there’s  much  more  we  can 
ask  for.  What’s  unfortunate  is  that  so 
few  people  are  willing  to  even  dis¬ 
cuss  the  topic  on  the  record  because 
they’re  afraid  of  being  judged  in  the 
court  of  public  opinion. 

I  don’t  know  whether  Cohen  is 
an  American  hero  who  deserves  a 
medal,  but  I  do  know  he’s  not  foolish. 
What’s  foolish  is  thinking  you  can 
be  a  respected  leader  without  being 
willing  to  speak  your  mind.  ©  54202 


BRUCE  A.  STEWART 

All  Packaged 
Up,  Nowhere 
ToGo 

During  the  past  10 
years,  we  in  IT  have 
done  a  solid  job  of 

weaning  ourselves  from  the 
notion  that  custom  applications  are  a 
good  idea. 

Packages  have  replaced  our  applica¬ 
tions  of  old.  When  we  want  something 
new,  our  first  thought  is  to  look  for  a 
product  we  can  buy. 

If  the  goal  is  simply  to  provide  tech¬ 
nology  to  support  the  enterprise,  that’s 
the  right  way  to  go  about  it.  But  the 
game  is  changing  again,  and  custom 
applications  are  returning  to  the  fore. 

IT  is  now  woven  throughout  the  en¬ 
terprise,  and  there  are  few  job  func¬ 
tions  nowadays  that  don’t  depend  on 
the  continuing  oper¬ 
ation  of  some  IT  sys¬ 
tem.  With  plant 
floors  receiving  ma¬ 
terials  through  the 
workings  of  IT  sys¬ 
tems,  even  workers 
on  the  line  depend 
on  IT  (even  if  they 
don’t  experience  it 
directly).  But  the 
challenge  is  this:  If 
everyone  has  the 
same  stuff,  how  do 
we  differentiate  our¬ 
selves  from  our  com¬ 
petitors? 

In  his  book  Does 
IT  Matter?,  Nicholas 
G.  Carr  argues  that 
we  don’t  —  and  shouldn’t.  But  CEOs 
disagree. 

Bruce  Rogow’s  firm,  Vivaldi  Odyssey 
and  Advisory,  reports  that  CEOs  con¬ 
sider  as  much  as  30%  of  their  business¬ 
es  to  be  “dead”  —  they’re  producing 
products  and  taking  in  money,  but  they 
have  no  growth  potential  and  must 
compete  solely  on  price.  CEOs  are 
calling  for  innovation  to  produce 
growth. 

But  innovation  can’t  be  found  in  the 
packaged  application  market.  Business 
processes,  problems  and  methods 
must  become  common  before  a  pack¬ 
age  can  find  the  repeat  business  need¬ 
ed  to  make  it  a  successful  product  (and 
justify  its  development  costs).  Poten¬ 
tial  clients  must  be  (or  be  willing  to 
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become)  similar  enough  to  implement 
the  package  and  have  it  fit  their  needs. 
What  this  says  is  that  companies  will 
share  a  base  of  common  enterprise  sys¬ 
tems  but  season  those  with  applica¬ 
tions  that  are  unique. 

Before  jumping  up  and  down  with 
joy  (“The  fun  is  back  in  IT!”)  or  hang¬ 
ing  your  head  in  despair  (“That’s  how 
we  blew  our  budget  and  credibility  be¬ 
fore!”),  stop  and  recognize  that  some¬ 
thing  else  has  changed.  Service-orient¬ 
ed  architectures  and  the  creation  of 
Web  services  have  made  creating  cus¬ 
tom  extensions  —  even  whole  new  ca¬ 
pabilities  —  less  risky  than  in  the  past. 

This  brings  us  to  the  real  point  of 
custom  code.  It  should  be  focused  and 
light,  just  enough  to  get  the  job  done. 

To  get  there,  we  also  have  to  adopt 
new  practices.  Start  by  rigorously  sep¬ 
arating  your  requirements  from  your 
specifications.  Requirements  are  about 
the  problem  you  are  solving  and  the 
work  the  custom  code  will  do  (or  the 
product  it  will  be).  Good  requirements 
talk  about  how  each  item  in  the  func¬ 
tions  being  designed  can  directly  lead 
to  measurement  of  a  business  result. 
(Business  cases  are  developed  from 
these;  the  proof  that  value  was  deliv¬ 
ered  comes  from  measuring  the  results 
later.)  Specifications,  on  the  other  hand, 
are  about  how  the  solution  is  delivered. 

Getting  the  requirements  done  allows 
you  to  know  precisely  what  you  are  im¬ 
plementing  —  and  then  to  do  no  more 
than  that.  (Do  you  use,  or  even  know 
the  function  of,  all  the  buttons  on  the 
tool  bar  in  any  application?  It’s  waste¬ 
ful  to  overbuild.)  Freeze  these  (you’re 
delivering  a  product,  and  time  to  mar¬ 
ket  matters)  and  get  it  built.  There’s  al¬ 
ways  Release  2  for  new  requirements 
that  emerge  later. 

Deliver  innovative  solutions  that  do 
“just  enough,”  and  become  victorious 
in  your  CEO’s  eyes.  O  54038 


THORNTON  A.  MAY 

IT  May  Have 
Become  Too 
Invisible 

THERE’S  no  such  thing 
as  bad  publicity,  they 
used  to  say  in  Holly¬ 
wood.  Far  better  to  be  talked 

about  negatively  than  not  to  be  thought 
about  at  all. 

The  IT  profession  may  be  in  need  of 


some  publicity.  The  results 
of  a  recent  survey  of  55  of 
the  top  executive  MBA  can¬ 
didates  —  degree-seeking 
students  who  have  full-time 
jobs  —  at  the  Fisher  College 
of  Business  at  Ohio  State 
University  indicate  that  IT 
—  what  it  is,  what  it  does 
and  what  it  can  do  —  isn’t 
on  the  minds  of  next-gener¬ 
ation  business  leaders. 

■  75%  said  they  didn’t 
think  much  about  IT. 

■  66%  didn’t  know  who 
the  CIO  was  at  their  company. 

■  48%  had  “never  actually  met  an 
IT  person.” 

■  63%  were  hard-pressed  to  articu¬ 
late  the  IT  strategy  of  the  company 
they  worked  for. 

■  84%,  when  asked  to  recall  personal 
experiences  related  to  IT,  cited  very 
negative  situations,  such  as  IT  failing 
to  deliver  on  something. 

This  data  correlates  with  research 
conducted  at  the  IT  Leadership  Acade¬ 
my  that  documented  that  IT  has  an  im¬ 
age  problem.  In  addition,  large  subsets 
of  the  IT  tribe  are  experiencing  an 
identity  crisis,  exhibiting  pronounced 
uncertainty  about  the  roles  they  play 
today  and  will  play  in  the  future. 

The  image  problem  involves  the 


external  awareness  or  per¬ 
ception  of  who  IT  is  and 
what  it  does.  The  identity 
problem  concerns  an  inter¬ 
nal  awareness  of  who  IT  is 
and  what  it  does.  Image  is 
linked  tightly  to  reputation, 
which  is  defined  as  the  col¬ 
lective  judgment  by  out¬ 
siders  of  an  organization’s 
actions  and  achievements. 
It’s  one  thing  to  be  judged 
harshly.  It’s  quite  another 
not  to  be  judged  at  all. 

Most  IT  leaders  are 
probably  familiar  with  emerging  re¬ 
search  that  characterizes  the  con¬ 
temporary  enterprise  as  an  assembly 
of  skills  tribes  —  marketing,  finance, 
operations  and  IT.  These  tribes 
should  be  —  but  in  most  cases  aren’t 
yet  —  integrated.  Each  tribe  has  its 
own  language,  belief  system  and  set 
of  rituals. 

Success  for  the  enterprise  is  seen  as 
a  function  of  whether  leadership  can 
get  the  tribes  to  play  well  together.  Un¬ 
til  recently,  many  in  IT,  myself  includ¬ 
ed,  labored  under  the  impression  that 
the  first  step  on  the  path  to  success  is 
to  understand  how  each  discipline 
thinks.  We  were  wrong.  The  real  first 
step  is  to  make  sure  the  other  tribes 
know  you  exist. 


The  mission  for  many  IT  shops  is  to 
go  unnoticed  in  the  way  that  an  eleva¬ 
tor  goes  unnoticed  when  it’s  function¬ 
ing  properly.  But  have  we  become  too 
invisible?  Has  IT  fallen  off  the  radar 
screen  of  the  next  generation  of  busi¬ 
ness  leaders?  If  so,  how  do  we  build 
credibility  with  those  leaders? 

Conventional  wisdom  tells  us  that 
any  enterprise  has  three  primary  agen¬ 
das:  the  build  agenda,  the  run  agenda 
and  the  change  agenda.  Having  taken 
part  in  those  first  two  agendas  by 
building  (or  at  least  providing)  the 
company’s  IT  infrastructure  and  then 
migrating  it  to  a  lights-out  mode  of 
operation,  IT  has  one  obvious  role  re¬ 
maining:  to  participate  actively  and 
contribute  substantively  to  enterprise 
transformation  and  innovation. 

The  challenge  for  the  discipline  is 
that  most  of  the  executives  currently 
involved  in  such  activities  don’t  think 
of  IT  as  being  able  to  contribute  much 
in  the  transformation  and  innovation 
arena.  What’s  worse,  the  people  who 
will  take  those  executives’  places  don’t 
really  think  about  IT  people  at  all.  We 
have  to  change  this.  ©  54098 
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The  Key  Is  Strong 
Authentication 


Vendors  Can  Be 
True  Partners 

IN  THE  INTERVIEW  on  vendor 
negotiations  ["Tough  Tactics," 
QuickLink  51968],  Joe  Auer  says, 
“First,  it's  a  fantasy  that  it’s  a  part¬ 
nership."  That  is  incorrect.  A  good 
partnership  depends  on  trust  and 
room  for  value-add.  In  my  industry 
(construction),  contracts  come  with 
many  pages  of  legal  discussions  of 
what  happens  when  things  go  bad, 
and  everybody  knows  that  the  best 
resolutions  occur  when  nobody 
ever  has  to  refer  to  those  pages. 
And  the  worst  resolutions  occur 
when  they  do  refer  to  those  pages 
and  the  lawyers  parse  them.  A  part¬ 
nership  can  be  real  as  well  as  ex¬ 
tremely  rewarding  when  it  is  based 
on  differing  expertise  and  an  ex¬ 
pectation  that  both  parties  will  ben¬ 
efit  from  the  transaction.  In  busi¬ 
ness,  as  in  life,  you  cannot  have 
your  friends  and  eat  them  too.  Your 
suppliers  won’t  be  there  for  you  if 
you  drive  them  out  of  business. 
Auer's  viewpoint  is  corrosive  to 


the  vendor/customer  relationship. 
Such  thinking  has  led  to  reverse 
auctions  and  the  damaged  relation¬ 
ships  that  have  followed.  While 
there  are  commodity-based  and 
price-based  transactions,  there  are 
also  knowledge-based  and  trust- 
based  ones. 


THE  ARTICLE  “Microsoft  Gives 
Blaster  Author  a  Break  on  Dam¬ 
ages"  [QuickLink  53500]  stated 
that  in  lieu  of  paying  $497,546  in 
restitution,  Jeffrey  Lee  Parson  will 
have  to  do  225  hours  of  community 
service  over  a  three-year  period. 
What  crap.  The  guy  causes  all  that 
damage  and  gets  to  work  off  the 
fine  at  $2,211  an  hour,  for  less  than 
an  hour  and  a  half  a  week.  Do  you 
think  for  a  second  that  this  type  of 
treatment  is  a  deterrent? 

Larry  M.  Litwin 
Programmer/analyst, 

Albany,  N.Y. 


RECENT  NEWS  about  hackers 
stealing  information  shows  that 
we  have  arrived  at  a  crisis  point.  The 
information  can  be  rendered  unus¬ 
able,  however.  The  trick  is  to  imple¬ 
ment  strong  authentication,  using 
PKI  certificates.  The  current  one¬ 
way  SSL  approach  is  inadequate, 
because  user  authentication  using  a 
username  and  PIN  is  rather  weak. 
Donald  Chi 
Program  manager, 
Gaithersburg,  Md., 
donchi@ieee.org 


HE  ARTICLE  “Invasion  of 
the  iSCSI  Arrays”  [QuickLink 
53298]  seems  incomplete  in  regard 
to  pricing  options.  What  responsible 
IT  manager  wouldn't  look  at  Apple's 
Xserve  RAID  technology?  For  the 
$47,000  that  Jim  Tarala  spent,  he 
could  have  purcJjHed  about  20TB 
of  storage  fromApple.  It  connects 


over  Fibre  Channel  and  doesn’t 
need  Apple’s  operating  system  to 
access  it.  It  has  a  Java-based  con¬ 
figuration  client  that  will  run  on  Win¬ 
dows.  For  half  of  what  he  spent, 
Tarala  could  have  purchased  twice 
as  much  capacity.  Just  because  the 
“standard"  vendors  are  expensive 
doesn't  mean  there  aren't  cheap  yet 
reliable  options.  And  who  would 
have  thought  that  option  would  be 
Apple? 

Stu  Duncan 

IS  manager,  Greenville,  N.C. 
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comments  from  its  readers.  Letters 
will  be  edited  for  brevity  and  clarity. 
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puterworld,  P0  Box  9171, 1  Speen 
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Fax:(508)879-4843.  E-mail: 
letters@computerworld.com. 
Include  an  address  and  phone 
number  for  immediate  verification. 
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Punish  the  Guilty 


Apple’s  RAID  Entry 
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Chilling  Out  With  DC  Power 

DC  power-delivery  systems  allow  server 
racks  to  run  as  much  as  15%  cooler 
than  they  would  with  AC  power,  and 
the  reliability  can’t  be  beat.  Rising 
temperatures  could  push  more  data 
centers  to  make  the  switch.  Page  23 


SECURITY  MANAGER’S  JOURNAL 

Protecting  the 
Crown  Jewels 

Mathias  Thurman  looks  at  various 
options  for  protecting  one  of  his 
company’s  most  valuable  assets  — 
its  source  code.  Page  24 


Q&A 

Unconventional  Innovation 

Dell  CTO  Kevin  Kettler  says  the 
computer  maker’s  involvement  in  efforts 
to  define  emerging  technologies  such  as 
PCI  Express  has  helped  better  focus 
technology  on  customer  needs.  Page  22 


eople  and  passwords  — 

I  in  the  long  run,  they  just 
don’t  work  very  effec¬ 
tively  together.  At  least 
that’s  what  Phil  Fowler, 
vice  president  of  IT  at  Telesis  Com¬ 
munity  Credit  Union,  a  Chatsworth, 
Calif. -based  financial  services  pro¬ 
vider  that  manages  $1.2  billion  in 
assets,  found  out.  His  team  ran  a  net¬ 
work  password  cracker  as  part  of  an 
enterprise  security  audit  last  year  to 
see  if  employees  were  adhering  to 
Telesis’  password  policies.  They 
weren’t. 

“Within  30  seconds,  we  had  identi¬ 
fied  probably  80%  of  people’s  pass¬ 
words,”  says  Fowler,  whose  group 
immediately  asked  employees  to 
create  strong  passwords  that  adhered 
to  the  security  requirements.  A 
few  days  later,  the  team  ran  the 
password  cracker  again:  This  time, 
they  cracked  70%. 

“We  couldn’t  get  [employees]  to 
maintain  strong  passwords,  and 
those  that  did  forgot  them,  so  the 
help  desk  would  have  to  reset  them,” 
says  Fowler.  Telesis  decided  to  se¬ 
cure  network  and  application  access 
with  a  biometric  system  that  elimi¬ 
nated  the  need  for  user  IDs  and  pass¬ 
words,  opting  for  the  Digi- 
talPersona  fingerprint  sys¬ 
tem  from  DigitalPersona  Inc.  in 
Redwood  City,  Calif. 

The  use  of  biometrics  —  the 
mathematical  analysis  of  charac¬ 
teristics  such  as  fingerprints, 
veins  in  irises  and  retinas,  and 
voice  patterns  —  as  a  way 
to  authenticate  users’  iden¬ 
tities  has  been  a  topic  of  discussion 
for  years.  Early  commercial  success 
stories  have  largely  come  from  apply¬ 
ing  biometrics  to  projects  with  prov¬ 
able  returns  on  investment:  time  and 
attendance,  password  reduction  and 
reset,  and  physical  access  control. 
Though  biometric  work  remains  pri¬ 
marily  in  the  pilot  stages,  the  events 
of  9/11  pushed  emerging  commercial 
products  to  center  stage  —  a  spot 


some  say  they  weren’t  ready  to  claim. 
Vendor  focus  shifted  from  the  private 
sector  toward  the  huge  contracts 
many  expected  would  be  awarded  in 
the  public  sector,  say  observers. 

The  attacks  on  9/11  “brought  focus 
to  what  was  going  on  in  biometrics, 
and  [vendors]  switched  gears.  Where 
previously  they  were  thinking  about 
[biometrics]  for  enterprise  access, 
they  decided  government  contracts 
were  the  next  gold  mine  and  jumped 
on  that,”  says  C.  Maxine  Most,  presi¬ 
dent  of  Acuity  Market  Intelligence  in 
Boulder,  Colo. 

The  problem  with  this  strategy,  she 
says,  is  that  commercial  biometric 
systems  aren’t  standardized  and 
haven’t  been  tested  in  large-scale  im¬ 
plementations  of  the  type  federal 
agencies  are  undertaking,  such  as  the 
US-VISIT  and  Transportation  Work¬ 
er  Identification  Credential  projects. 

Samir  Nanavati,  a  partner  at  Inter¬ 
national  Biometric  Group  LLC,  a  con¬ 
sultancy  in  New  York,  says  the  prob¬ 
lem  was  more  a  lack  of  public-sector 
readiness  than  technology  shortfalls. 

“In  2001,  the  private  sector  was  ag¬ 
gressively  researching  and  testing 
biometrics,  and  the  public  sector  had 
a  couple  of  projects,”  Nanavati  says. 
“After  September,  the  biometrics  in¬ 
dustry  reread  the  whole  landscape 
and  decided  to  gravitate  toward  the 
public  sector,  going  after  a  market 
that  wasn’t  ready  for  them.”  But,  he 
adds,  there  are  plenty  of  smaller 
stories  of  “biometrics  hitting  the  bot¬ 
tom  line”  in  the  private  sector. 

Finger  on  Access 

That  has  been  the  case  for  Telesis, 
which  has  rolled  out  fingerprint- 
based  network  and  systems  access 
technology  in  its  headquarters  and 
credit-union  branches.  Once  Telesis 
has  thoroughly  tested  the  system,  the 
company  will  deploy  it  in  the  offices 
of  Business  Partners  LLC,  its  busi¬ 
ness  loan  services  partner.  Users  no 
longer  need  to  remember  IDs  and 
passwords  because  DigitalPersona 
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authenticates  enrolled  personnel  via 
fingerprint  scanners,  tying  the  finger¬ 
prints  to  256-character  passwords  that 
it  randomly  generates  every  45  days. 

Fowler  says  Telesis  looked  at  a  single 
sign-on  application  but  was  uncom¬ 
fortable  with  the  idea  that  one  authen¬ 
tication  would  provide  access  to  the 
network  and  all  connected  applica¬ 
tions.  With  the  current  deployment, 
employees  touch  their  scanners  to  gain 
access  to  each  application  they  use,  in¬ 
cluding  homegrown  and  third-party 
Web-based  applications. 

The  system  is  already  integrated  with 
Microsoft  Corp.’s  Active  Directory  for 
network  access,  and  fingerprint  pro¬ 
files  are  encrypted  and  stored  directly 
in  Active  Directory,  relieving  worries 
Telesis  had  that  they  might  be  stored 
as  images  that  could  be  compromised. 
Telesis’  IT  department  is  reviewing 
applications  that  require  ID  and  pass¬ 
word  sign-ons  and  creating  profiles  for 
them  in  the  DigitalPersona  server. 

During  the  deployment’s  testing 
phase,  Fowler’s  team  encountered  a 
few  issues  related  to  mobile  workers. 
For  corporate  travelers,  the  company 
considered  equipping  laptops  with 
scanners,  but  most  Telesis  executives 
don’t  carry  their  laptops  unless  giving 
presentations;  they  prefer  to  use  hotel 
business  centers  or  Internet  cafes  to 
access  the  corporate  intranet.  When 
they  do  that,  they  use  static  but  diffi- 
cult-to-crack  passwords. 

Another  segment  of  Telesis’  mobile 
population  —  “roaming”  tellers  — 
are  another  concern,  says  Fowler.  He 
wants  to  be  able  to  lock  down  all  work¬ 
stations  so  that  the  Ctrl-Alt-Delete 
function  won’t  bring  up  the  user  ID 
and  password  log-in  option,  but  then 
roamers  wouldn’t  be  able  to  use  the 
teller  workstations  they  need. 

Although  Fowler  says  it’s  difficult  to 
quantify  ROI,  Telesis  is  pleased  with 
the  streamlined  network  access,  re¬ 
duced  password-reset  requests  and  the 
improved  security  ratings  audits  have 
found  since  it  adopted  DigitalPersona. 

Security  or  Convenience? 

The  kind  of  biometric  application  Tele¬ 
sis  is  piloting  —  user  authentication  for 
access  to  computer  systems  —  hasn’t 
thus  far  seen  the  adoption  rates  that 
many  had  expected,  according  to  Gart¬ 
ner  Inc.  analyst  Clare  Hirst.  She  adds 
that  she  doesn’t  expect  to  see  many 
more  such  deployments  before  2010. 

“We  hear  a  lot  about  biometrics,  but 
the  reality  is  that  most  of  the  projects 
are  still  in  pilot  stages,”  Hirst  says.  The 
most  mature  applications  of  biometric 
technology  are  in  systems  that  control 
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physical  access  to  facilities  and  keep 
records  of  time  and  attendance,  she 
says.  “With  time  and  attendance,  com¬ 
panies  can  use  finger-,  hand-  or  facial- 
recognition  technology;  get  rid  of  ac¬ 
cess  cards  and  mechanical  punch-in 
[devices];  and  it’s  not  a  security  issue 
—  it’s  to  save  money,”  Hirst  says. 

Though  it’s  not  using  biometrics  for 
actual  system  access,  Washington- 
based  Marriott  International  Inc.  is 
using  voice  authentication  technology 
to  reset  the  passwords  that  enable  ac¬ 
cess  to  its  intranet,  Active  Directory 
service  and  several  nonproprietary  ap¬ 
plications,  according  to  A1  Sample,  se¬ 
nior  vice  president  of  client  services. 

The  system,  Vocent  Password  Reset 
from  Vocent  Solutions  Inc.  in  Moun¬ 
tain  View,  Calif.,  complements  existing 
reset  options.  Users  can  also  change 
passwords  using  PC  or  Web-based 
tools,  or  they  can  call  the  help  desk. 
Around  a  third  of  the  40,000  Marriott 
employees  who  are  assigned  passwords 
take  advantage  of  the  Vocent  option. 

The  system  made  sense,  says  Sam¬ 
ple,  because  it  utilizes  Marriott’s 
phone  system  and  requires  no  special 
hardware.  The  Vocent  application  pro¬ 
vides  two-factor  authentication,  check¬ 
ing  a  user’s  voice  patterns  against  a 
stored  voiceprint  while  simultaneously 
verifying  user  information  through 
voice  recognition. 

“We  capture  a  voiceprint  through  a 
one-time  registration,  and  at  the  same 
time,  we  gather  some  key  information 
that  we  use  during  the  password-reset 
process,”  says  Sample. 

Given  the  costs  of  manual  password 
resets  —  Gartner  estimates  that  they 
cost  $10  to  $31  per  incident  —  Marriott’s 
self-service  deployment  has  translated 
into  strong  savings,  says  Sample,  par¬ 
ticularly  since  IT  requires  that  pass¬ 
words  be  changed  every  90  days. 

“We  have  a  very  large  [user]  base, 


I  WANT 
TO  READ 
YOUR  HAND 


ARGUMENTS  ABOUND  over  which 
biometric  system  provides  the  most  accu¬ 
rate  identification,  but  accuracy  is  only 
one  of  the  factors  driving  technology  de¬ 
cisions.  The  ways  and  the  places  in  which 
people  do  business  affect  the  biometrics 
that  businesses  deploy. 

First,  there's  the  little  matter  of  con¬ 
cerns  over  privacy  that  recent  events  have 
exacerbated.  Then  there’s  the  perceived 
or  real  intrusiveness  of  the  type  of  tech¬ 
nology  deployed,  where  it’s  deployed  and 
who’s  deploying  it.  A  person  might  not 
mind  putting  his  hand  in  a  reader  but  he 
might  object  to  having  his  retina  scanned. 

Then  there  are  straightforward  techno¬ 
logical  issues.  For  example,  voice  authen¬ 
tication  systems  can  be  hindered  by 
background  noise,  while  an  individual’s 
fingerprint  can  be  compromised  by  work- 


with  more  than  30,000  associates,  so 
you  can  imagine  the  amount  of  human 
intervention  required  for  manual  pass¬ 
word  resets,”  he  says. 

Waiting  for  Standards 

The  technology  behind  biometrics  rep¬ 
resents  an  emerging  commercial  mar¬ 
ket,  but  adoption  of  such  systems  won’t 
really  take  off  until  vendors  and  users 
agree  on  standards  in  areas  such  as  ap¬ 
plication  programming  interfaces,  com¬ 
mon  file  formats  and  data  interchange. 

The  scope  of  massive  federal  initia¬ 
tives  such  as  the  U.S.  Department  of 
Defense’s  Defense  Biometric  Identifi¬ 
cation  System  demands  standardized, 
interoperable  technologies,  says  David 
Wennergren,  the  U.S.  Department  of 
the  Navy’s  CIO.  He  is  also  chairman 
of  the  DOD’s  Identity,  Protection  and 
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Management  Senior  Coordinating 
Group,  which  oversees  agency  groups 
working  with  smart  cards,  public-key 
infrastructure  and  biometrics. 

The  DOD  is  using  fingerprint  bio¬ 
metrics  as  part  of  an  authentication 
process  for  providing  personnel  and 
associates  —  4  million  people  to  date 
—  with  smart  cards  for  physical  and 
network  access.  It’s  also  piloting  iris- 
and  facial-recognition  technologies. 

“It’s  key  that  we  have  interoperable 
systems  because  everybody’s  mobile; 
we  can’t  buy  a  proprietary  biometrics 
[system]  that  ultimately  only  works  at 
one  base,”  says  Wennergren,  who’s 
based  in  Crystal  City,  Va.  He  cites  a  re¬ 
cent  memo  issued  by  the  DOD  CIO  that 
mandates  that  the  agency’s  biometric 
collection  practices  align  with  FBI  stan¬ 
dards  so  the  agencies  can  share  data. 

“When  [the  DOD]  first  became  big 
consumers  of  smart  cards,  we  knew 
there  weren’t  perfect  standards  in 
place,  but  we  were  able  to  leverage  our 
size  and  work  with  other  agencies  and 
technology  providers  to  help  create 
standards,”  says  Wennergren.  He  says 
he  hopes  that  federal  agencies  will 
have  the  same  impact  in  driving  bio¬ 
metrics  standards.  O  54024 

Gilhooly  is  a  freelance  writer  in 
Falmouth,  Maine.  You  can  reach  her 
at  kymg@maine.rr.com. 

MORE  ONLINE 

For  additional  information  on  biometrics,  go  to: 

OQuickLink  54132 
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DELL  INC.’s  success  is  usually  chalked 
up  to  its  marketing  savvy  rather  than 
innovative  technology.  Chief  Technol¬ 
ogy  Officer  Kevin  Kettler  says,  however, 
that  the  company  has  played  a  pivotal 
role  behind  the  scenes,  helping  to 
shape  emerging  technologies  to  meet 
customer  needs.  Kettler  discussed 
Dell’s  impact  on  technology  in  a  recent 
interview  with  Computerworld's 
Robert  L.  Mitchell. 

What  role  does  R&D  play  at  Dell?  The  mod¬ 
el  we’ve  chosen  to  pursue  is  to  focus 
on  customer-driven  innovation.  We 
have  well  over  4,000  engineers  world¬ 
wide  who  are  working  on  product  de¬ 
velopment  and  research  leading  into 
product  development.  We  think  there’s 
a  pretty  strong  investment  there. 

To  what  extent  does  Dell  influence  the  devel¬ 
opment  of  the  core  technologies  that  go  into 
its  products?  One  of  the  best-kept  secrets 
around  is  what  exactly  our  influence  is 
in  this  area,  and  I  consider  it  very  ex¬ 
tensive.  Dell  has  core  teams  that  are 
working  [with  silicon  designers]  on 
where  we  think  customer  requirements 
are  and  where  we  think  innovation 
needs  to  occur  in  basic  silicon  design. 

We  are  down  at  very  low  levels  with 
chip  set  architectures,  chip  set  parti¬ 
tioning,  processor  interfaces,  proces¬ 
sor  architectures.  Right  now,  we  have 
discussions  going  on  on  products  we 
won’t  see  produced  until  the  2009-2010 
time  frame.  We  have  a  very  regimented 
process  and  approach.  We  will  typical¬ 
ly  drive  the  requirements  based  on 
what  we  are  generating  from  our  direct 
customer  touch. 

Can  you  give  an  example  of  how  Dell  has  in¬ 
fluenced  the  development  of  a  technology? 

The  most  recent  example  would  be 
PCI  Express.  Dell  was  a  very  early 
adopter  of  the  concept  of  needing  to 


move  to  a  new,  higher-speed  bus  inter¬ 
face  for  a  lot  of  different  reasons.  We 
brought  our  expertise  on  how  do  you 
put  that  into  a  system,  how  do  you  do 
board  layout,  how  do  you  ensure  that 
EMI  capabilities  are  not  being  exceed¬ 
ed,  how  do  you  ensure  that  cross  talk  is 
handled.  That’s  one  that  we’ve  partici¬ 
pated  in  from  its  earliest  infancy  the 
whole  way  through  to  delivery  of  PCI 
Express  capabilities  literally  through 
all  of  our  product  lines. 


What  emerging  technologies  are  you  most 
excited  about  that  are  likely  to  appear  in  Dell 
products  for  enterprise  users  over  the  next 
12  to  24  months?  One  of  those  is  the 
work  we’re  doing  around  Blu-ray  disk, 
[an]  emerging  standard  for  next-gener¬ 
ation  optical  disk  drives.  We’ve  been 
working  with  a  number  of  partners  in 
defining  the  fundamental  technology, 
what  it  is,  how  it’s  going  to  operate. 

We’re  also  excited  about  the  delivery 
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came  to  Dell  in  1996, 
first  working  in  development  for  the 
client  architecture  and  technology 
group.  Prior  to  joining  Dell,  he  spent 
12  years  at  IBM’s  PC  systems  division. 
Kettler  holds  a  doctoral  degree  in 
electrical  engineering  from  Carnegie 
Mellon  University. 


of  technologies  in  the  multicore  area 
around  processors.  Not  just  multicore 
processors  but  multicore  coupled  with 
some  of  the  virtualization  technologies 
and  techniques. 

Why  did  you  back  Blu-ray  and  not  the  com¬ 
peting  HD-DVD  standard?  When  you  look 
at  the  capacity  of  the  drives,  Blu-ray 
provides  significantly  more  headroom 
than  what  HD-DVD  does.  We  consider 
Blu-ray  a  pretty  major  change,  and  we 
wanted  to  make  sure  we  had  a  technol¬ 
ogy  that  was  going  to  have  some  lon¬ 
gevity  around  it,  especially  given  the 
investment  in  transitioning  customers 
to  a  new  format  for  all  of  their  content. 

What  synergies  do  you  see  between  multi- 
core  processors  and  virtualization?  Multi¬ 
core  is  putting  multiple  processors  on 
a  single  die  to  create  a  single  footprint. 
Today,  we  think  of  virtualization  as  a 
single  box  with  virtualization  software 
that  gives  the  impression  of  that  box 
serving  multiple  operating  environ¬ 
ments.  With  multicores,  if  I  partition 
up  my  system  using  virtualization  soft¬ 
ware,  I  can  start  to  dedicate  cores  to 
different  environments.  So  it  expands 
the  scope  of  traditional  virtualization 
technologies. 

Where  has  Dell  led  the  market  in  adopting 
new  technologies?  We  have  historically 
been  the  absolute  leader  in  delivering 
new  memory  technology  to  the  mar¬ 
ketplace.  Other  technologies  have  been 
more  unique.  If  you  look  at  our  note¬ 
book  products,  for  example,  we’ve  put 
together  some  pretty  novel  approaches 
for  handling  hard-drive  protection  that 
we  call  StrikeZone.  It’s  a  mechanism 
that  protects  [the  disk  drive]  when  you 
drop  a  notebook.  Other  things,  like  our 
battery  technologies,  and  particularly 
our  charging  techniques,  are  things  we 
created,  developed,  designed  and  de¬ 
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livered  to  the  marketplace. 

To  what  extent  does  Dell  help  design  the 
specifications  surrounding  the  emerging 
standards  it  supports?  There’s  an  amount 
of  the  architecture  definition  around 
PCI  Express  that  was  created  by  Dell 
engineers.  Another  example  is  a  speci¬ 
fication  called  Disk  Data  Format 
[DDF].  One  of  the  people  on  my  team 
wrote  that  specification  and  brought  it 
forward  to  the  Storage  Networking  In¬ 
dustry  Association. 

DDF  is  in  response  to  customer 
feedback.  A  customer  would  build  out 
a  Dell  server  or  external  storage  array 
and  might  have  a  set  of  disk  drives 
with  their  company’s  data  on  those 
drives.  [Then]  they  might  migrate  to  a 
different  machine.  What  was  at  issue 
was  that  each  of  the  five  controller 
manufacturers  was  using  proprietary 
formats  to  lay  out  the  data  and  tables 
associated  with  the  formatting  on  the 
drive.  So  [Dell  technology  strategist] 
Bill  Dawkins  heard  this  and  went  off 
and  wrote  a  specification  on  how  that 
architecture  should  fit  together  and 
has  driven  it  through  a  standards  body. 
It’s  been  accepted,  and  we’re  starting 
to  see  silicon  from  some  companies. 

At  the  end  of  the  day,  when  cus¬ 
tomers  plug  and  play  drives,  they 
won’t  run  into  the  potential  for  that 
data  to  be  unrecognized  and  misinter¬ 
preted  as  a  blank  drive  and  formatted 
over.  So  it’s  a  huge  win.  It’s  direct, 
customer-driven  innovation. 

Where  do  you  see  technology  moving  in  the 
next  three  years?  One  of  the  key  shifts 
that  is  occurring  is  that  with  the  addi¬ 
tion  of  blades  and  the  need  to  manage 
blades,  it’s  produced  a  razor  focus  at 
Dell  around  the  systems  management 
infrastructure  and  how  do  we  move 
from  a  systems  management  infra¬ 
structure  that  has  traditionally  been 
very  proprietary,  very  monolithic  in 
nature  to  something  that  is  going  to 
provide  greater  flexibility  to  manage 
. . .  across  this  mass  of  distributed  re¬ 
sources  that  exist  out  there.  We  have  a 
vision  and  approach  that  we  think  will 
move  the  ease  at  which  the  enterprise 
can  be  managed,  deployed  and  ser¬ 
viced  going  forward. 

What  I’ve  described  has  been  a  de¬ 
sire  for  customers,  but  the  industry 
hasn’t  been  rallied  around  it.  That’s  the 
key  thing  that’s  happening  right  now. 
We’re  doing  a  lot  of  work  getting  peo¬ 
ple  excited  about  plugging  into  an  open 
infrastructure  like  that,  and  that’s 
going  to  lead  to  a  ton  of  innovation. 
Ultimately,  if  we  do  our  job  well, 
customers  will  benefit.  ©  54006 
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CHILLING 


POWER 


Rising  temperatures 
could  push  more  data 
centers  to  make  the 
switch  to  direct  current 
power-delivery  systems. 


AS  VENDORS  CONTINUE 
to  pack  more  servers 
into  a  smaller  foot¬ 
print,  keeping  a  lid 
on  power  requirements  —  and 
keeping  server  racks  cool  — 
has  become  a  huge  challenge. 
And  the  lowly  AC  power  sup¬ 
ply  remains  the  toughest  part 
of  the  problem  to  solve. 

A  typical  power  supply, 
which  converts  AC  power  into 
the  various  DC  voltages  re¬ 
quired  by  indi¬ 
vidual  server 
components, 
has  an  efficien¬ 
cy  range  of  just 
65%  to  85%,  vendors  say.  Just 
one  1-kilowatt  power  supply 
may  generate  300  watts  of 
waste  heat,  and  today’s  blade 
servers  can  consume  more 
than  14  kilowatts  per  rack. 

“That’s  bad,”  says  Scott 
Tease,  product  marketing 
manager  for  eServer  Blade- 
Center  at  IBM.  “One,  I  paid  for 
that  electricity,  and  two,  I’ve 
released  the  heat  into  the  en¬ 


vironment  and  I  have  to  pay  to 
air-condition  it.” 

To  make  matters  worse,  AC 
power-supply  efficiency  drops 
with  the  utilization  level.  In 
servers  with  redundant  power 
supplies,  where  the  load  is 
shared,  best-case  utilization  lev¬ 
els  are  below  50%.  As  a  result, 
power  supplies  in  most  servers 
tend  to  operate  at  the  low  end 
of  the  efficiency  range,  says  Ken 
Baker,  data  center  infrastruc¬ 
ture  technolo¬ 
gist  at  Hewlett- 
Packard  Co. 

Some  data 
center  man¬ 
agers  have  responded  by  using 
DC-based  power  distribution 
systems,  eliminating  the  need 
for  AC  power  supplies  for 
server  racks.  IBM  and  HP  both 
offer  servers  that  can  accept 
bulk  DC  power  from  a  central¬ 
ized,  telecommunications- 
grade  -48-volt  DC  power  dis¬ 
tribution  unit  (PDU)  and  then 
step  it  down  to  the  voltages 
required  at  the  server  level. 


Rackable  Systems  Inc.’s 
products  support  both  bulk 
power  and  an  option  that 
moves  the  AC/DC  converter 
away  from  individual  servers 
to  the  top  of  each  rack,  where 
heat  can  be  vented  into  the 
air-handling  system. 

Milpitas,  Calif.-based  Rack- 
able  claims  that  its  DC-pow¬ 
ered  servers  reduce  heat  by  up 
to  30%.  HP  makes  more  mod¬ 
est  claims  of  15%  reduction, 
which  can  add  up  across  many 
racks  of  servers,  Baker  says. 

Data393  Holdings  LLC  has 
made  the  leap  to  DC-powered 
servers.  The  company,  which 
operates  a  collocation  center 
in  Englewood,  Colo.,  uses  a 
DC  power  distribution  system 
inherited  from  a  previous  ten¬ 
ant  to  power  140  servers  from 
Rackable.  Data393’s  DC  power 
plant  includes  rectifiers  that 
convert  incoming  AC  power 
to  DC  and  charge  a  bank  of 
uninterruptible  power  supply 
batteries  as  well  as  its  servers 
and  network  equipment. 

Chris  Leebelt,  senior  vice 
president  at  Data393,  says  the 
IT  services  provider  chose 
DC-powered  equipment  be¬ 
cause  it  needed  to  make  the 
most  of  its  available  square 
footage  and  its  ability  to  cool 
that  space.  While  the  power 
distribution  system  must  still 
convert  incoming  power  to 
DC,  that  conversion  occurs 
outside  the  data  center. 

DC-powered  systems  from 
Rackable  cost  about  the  same  as 
traditional  AC-powered  servers 
while  allowing  more  servers  in 
each  rack,  according  to  Leebelt. 

DC  rectifiers  also  have  a 
mean  time  between  failures 
of  7  million  hours  —  70  times 
longer  than  AC  power  sup¬ 
plies,  says  Geoffrey  Noer, 
senior  director  of  product 
marketing  at  Rackable. 

“Some  of  our  largest  cus¬ 
tomers  host  almost  exclusively 
in  DC-related  environments,” 
says  Baker.  But  he  also  points 
out  that  most  are  telecommu¬ 
nications  companies  and  host¬ 
ed  service  providers.  “The 
number  is  very  small  in  corpo¬ 
rate  data  centers,”  he  says. 

So  why  don’t  more  enterprise 
data  centers  use  DC  PDUs? 

Tease  claims  that  the  rela¬ 
tionship  between  utilization 


To  DC  or 
Not  to  DC? 


PROS: 

■  A  DC  power  distribu¬ 
tion  system  moves  the 
inefficient  and  heat¬ 
generating  AC/DC 
conversion  process  out 
of  server  racks.  Cooler 
racks  support  higher 
server  densities,  sav¬ 
ing  floor  space. 

■  DC  systems  are 
more  reliable  than  AC 
power  supplies. 

■  Batteries  used  in  DC 
designs  provide  a 
source  of  uninterrupt¬ 
ible  power. 

■  Most  networking 
equipment  already 
supports  DC  power. 


CONS: 

■  A  DC  power  distribu¬ 
tion  system  is  an 
added  expense. 

■  DC  requires  bigger 
power  distribution 
cables  than  AC  power 
does. 

■  Management  of  DC 
systems  requires  spe¬ 
cialized  expertise. 

and  efficiency  issues  is  over¬ 
stated,  and  IBM’s  BladeCenter 
power  supply  designs  are  90% 
efficient.  In  contrast,  the  con¬ 
verters  required  to  step  down 
DC  power  are  93%  efficient. 
“Unless  the  infrastructure  is 
already  in  place,  it  just  doesn’t 
make  sense,”  he  says. 

Baker  says  inertia  and  famil¬ 
iarity  keep  data  centers  on  AC 
power,  and  the  standards  for 
AC  are  well  established  and 
understood.  “It  takes  special¬ 
ized  talent  to  manage  [DC] 
correctly,”  he  says. 

And  because  DC  power  has 
more  resistance,  the  distribu¬ 
tion  system  requires  larger  con¬ 
ductors.  Neil  Rasmussen,  chief 
technical  officer  at  American 
Power  Conversion  Corp.,  an 
UPS  and  data  center  rack  sys¬ 
tem  manufacturer  in  West 
Kingston,  R.I.,  says  that  adds 
to  infrastructure  costs.  “DC 
wiring  at  these  power  levels  is 


too  expensive  and  complex, 
requiring  specialized  contrac¬ 
tors  and  design,”  he  says. 

But  Baker  and  Rackable’s 
Noer  say  the  costs  overall  are 
about  the  same. 

Baker  says  the  adoption  of 
DC  as  an  alternative  power 
source  could  become  a  trend, 
particularly  in  new  data  cen¬ 
ters  where  such  infrastructure 
choices  are  being  made.  “We 
have  customers  that  have  cho¬ 
sen  native  DC  from  the  ground 
up,”  he  says.  But  Baker  adds 
that  the  lion’s  share  of  enter¬ 
prise  data  centers  will  contin¬ 
ue  to  center  around  AC  power. 

Meanwhile,  IBM  is  focusing 
its  power-saving  efforts  on  ar¬ 
eas  such  as  the  CPU,  which 
accounts  for  25%  of  the  power 
budget  in  a  BladeCenter,  Tease 
says.  IBM  offers  a  2.8-GHz 
Xeon  DP  processor  that  adds 
$200  to  the  cost  of  a  dual¬ 
processor  blade  but  cuts  pow¬ 
er  from  103  watts  to  55  watts. 

Noer  claims  that  ultimately, 
the  combination  of  low-voltage 
parts  and  DC  power  will  have 
the  biggest  payoff:  It  can  cut 
power  requirements  by  half. 

Rasmussen  isn’t  convinced. 
“If  you  need  to  cut  the  load 
15%,  just  pull  out  15%  of  the 
servers  and  put  them  some¬ 
where  else,”  he  says. 

But  for  Data393,  floor  space 
is  limited.  DC  power  has  en¬ 
abled  Leebelt  to  fill  server 
racks  that  would  otherwise  run 
too  hot  for  his  air-handling 
systems.  “[Vendors]  don’t  tell 
you  that  you  can’t  load  a  full 
rack  of  blades  because  the  heat 
coming  off  the  racks  can  be 
very  significant,”  he  says. 

DC  power  by  itself  can’t 
solve  the  problem  of  increas¬ 
ing  power  density  in  server 
racks.  But  the  option  has  pro¬ 
vided  enough  relief  to  con¬ 
vince  Leebelt  to  migrate  Data- 
393’s  remaining  600  servers. 
“We’re  doing  consolidation 
work  to  get  out  of  AC  hard¬ 
ware,”  he  says.  O  53969 

MULTIPLE  OPTIONS 

One  vendor's  product  offers  the  option  of 
using  either  AC  or  DC  power: 

QuickLink  53971 

How  it  works:  For  a  diagram  and 
explanation  of  DC  power  delivery,  see: 

QuickLink  54197 
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Protecting  the 
Crown  Jewels 


Our  security  manager  explores  the  options 
for  securing  a  valuable  asset  -  the  com¬ 
pany’s  source  code.  By  Mathias  Thurman 


You  would  probably 

imagine  that  a  company 
that  writes  and  sells 
software  would  make 
the  protection  of  that  software 
paramount.  That’s  why  it’s 
hard  to  believe  that  my  com¬ 
pany  has  implemented  no 
comprehensive  efforts  to  pro¬ 
tect  its  bread-and-butter  soft¬ 
ware  from  falling  into 
the  wrong  hands. 

Fortunately,  upper 
management  is  finally 
getting  a  clue  and  has 
asked  that  we  look 
into  the  technologies 
currently  available  for 
protecting  our  source  code. 

The  need  to  do  something  is 
more  pressing  than  ever.  It’s 
become  trivial  to  Find  a  place 
to  store  a  gigabyte  of  source 
code  (a  good  portion  of  our 
current  software  inventory), 
what  with  the  availability  of 
low-cost  USB  tokens,  external 
hard  drives  and  increased  disk 
space  on  public  e-mail  reposi¬ 
tories  such  as  Yahoo  and 
Google.  Left  unprotected,  our 
source  code  could  be  moved 
off-site  in  less  than  10  minutes. 

And  if  clever  programmers 
took  the  code,  they  could  re¬ 
brand,  reverse-engineer  or 
replicate  it  and  sell  it  for  profit 
within  a  matter  of  days.  If  you 
think  I’m  exaggerating,  recall 
that  more  than  800MB  of 
source  code  from  Cisco  Sys¬ 
tems  Inc.’s  Internetworking 
Operating  System  was  posted 
to  a  Russian  Web  site  a  year 
ago  [QuickLink  a5770]. 

Our  programmers  use  the 
open-source  Concurrent  Ver¬ 
sions  System  to  save  and  re¬ 
trieve  various  versions  of 
source  code.  CVS  also  lets 


teams  of  developers  share 
control  of  different  versions  of 
files  (source  code)  in  a  com¬ 
mon  repository.  The  problem 
is  that  once  a  developer 
checks  out  source  code  from 
the  repository,  there  are  no 
controls  to  prevent  him  from 
copying,  moving  or  transfer¬ 
ring  the  code  to  a  storage  de¬ 
vice  or  an  FTP  site. 
As  much  as  we’d  like 
to  trust  our  pro¬ 
grammers,  it’s  al¬ 
ways  possible  that 
money  or  coercion 
could  get  someone 
to  take  advantage  of 
the  lack  of  controls.  And  even 
if  that  didn’t  happen,  a  worm 
or  other  type  of  malicious 
code  could  be  introduced  to 
our  internal  network,  compro¬ 
mise  a  user’s  desktop  and  give 
an  outsider  access  to  locally 
stored  source  code.  I  could  go 
on  for  hours  discussing  the 
methods  and  motivations  for 
stealing  source  code. 

Fortunately,  there  are  some 
fairly  significant  developments 
in  the  source-code  protection 
market.  One  is  software  that 
gets  installed  on  the  develop¬ 
er’s  desktop  and  then  inserts 
itself  into  the  operating  system 
in  such  a  way  that  it  prevents 


No  matter  what 
approach  we  end  up 
using,  a  major 
consideration  will  be 
the  user  experience. 


defined  data  from  being 
copied,  printed  or  transferred 
anywhere  other  than  the 
source-code  repository  or  a 
dedicated  build  server.  What’s 
nice  about  this  type  of  tech¬ 
nology  is  its  ability  to  define 
which  directories  and  files  this 
protection  should  be  applied 
to.  That  means  that  when  de¬ 
velopers  checked  out  source 
code,  they  would  be  forced  to 
maintain  that  code  in  a  certain 
directory,  from  which  they 
would  be  barred  from  copying, 
printing  or  transferring.  How¬ 
ever,  they  would  be  free  to 
copy,  print  or  otherwise  ma¬ 
nipulate  other  business-relat¬ 
ed  data  such  as  e-mail  or  other 
documents,  which  would  be 
available  in  a  different,  nonre- 
stricted  directory.  Some  of  the 
software  in  this  market  will 
also  encrypt  the  defined  data. 

Looking  at  Products 

Microsoft  Corp.  and  Adobe 
Systems  Inc.  both  have  robust 
offerings  in  this  market,  but 
they  seem  to  be  product-cen¬ 
tric.  We  need  something  that 
is  product-agnostic,  that  can 
be  used  with  data  that  origi¬ 
nates  from  any  company’s 
product.  One  vendor  that 
seems  to  have  really  good  po¬ 
tential  is  Santa  Clara,  Calif.- 
based  Vormetric  Inc.  Its  Core- 
Guard  product  seems  to  ad¬ 
dress  all  of  our  needs.  It  al¬ 
lows  encryption,  access  con¬ 
trol,  integrity  protection, 
alerting  and  reporting,  and 
most  important,  it  can  be  con¬ 
figured  to  be  transparent  to 
the  user,  letting  the  developers 
conduct  business  as  usual. 

Another  interesting  tech¬ 
nology  monitors  network  traf¬ 
fic  for  source  code  in  the  data 
stream.  An  example  of  this  is 
a  product  from  San  Mateo, 
Calif.-based  Tablus  Inc.  that 
crawls  through  your  source- 
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code  repositories  and  uses 
special  technology  to  analyze 
the  data.  Then,  working  in 
way  that’s  similar  to  what  in¬ 
trusion-detection  software 
does,  it  monitors  the  network 
and  watches  the  data  stream 
for  the  “fingerprint”  of  the 
source  code  it  has  inspected. 

No  matter  what  approach 
we  end  up  using,  a  major  con¬ 
sideration  will  be  the  user  ex¬ 
perience.  We’ll  have  to  do  a 
considerable  amount  of  test¬ 
ing  to  ensure  that  we  don’t  im¬ 
pact  a  developer’s  ability  to  do 
his  job.  In  our  company,  devel¬ 
opers  are  treated  like  kings, 
since  they  write  the  software 
that  brings  in  the  big  bucks.  If 
a  developer’s  ability  to  work  is 
impeded,  that  in  turn  could  af¬ 
fect  the  product  life  cycle, 
which  could  hurt  our  ability  to 
generate  revenue. 

Because  developer  work- 
flow  is  such  a  high  priority, 
the  more  passive  option  —  the 
network  approach  —  has  mer¬ 
it.  However,  it  won’t  prevent 
users  from  copying  data  to  a 
local  storage  medium  such  as 
a  CD-ROM  or  USB  thumb 
drive.  Perhaps  the  best  way  to 
secure  our  data  would  be  a 
two-pronged  approach  in 
which  we  both  protected  the 
desktop  and  monitored  the 
network.  But  all  of  that  activi¬ 
ty  would  have  to  be  managed, 
and  we’re  short-staffed  as  it  is. 

We’ll  probably  start  asking 
some  of  these  vendors  to 
come  in  and  demonstrate  their 
products,  and  then  we’ll  start 
testing  the  products.  At  the 
end  of  the  day,  we  hope  to 
come  up  with  an  approach 
that  satisfies  our  information 
security  needs  while  still  leav¬ 
ing  our  developers  free  to  do 
their  jobs.  And  if  it  works  out 
well,  we  should  be  able  to  ex¬ 
tend  the  technology  we  select 
to  other  departments  such  as 
legal,  human  resources  and 
strategic  planning.  I 

WHAT  DO  YOU  THINK? 

This  week's  journal  is  written  by  a  real  securi¬ 
ty  manager,  “Mathias  Thurman,"  whose 
name  and  employer  have  been  disguised  for 
obvious  reasons.  Contact  him  at  mathias. 
thurman@yahoo.com,  or  join  the  discussion 
in  our  forum:  QuickLink  a!590 

To  find  a  complete  archive  of  our 
Security  Manager’s  Journals,  go  online  to: 

O  computemoiid.com/secjournal 
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Security  Bookshelf 

■  Aggressive  Network  Self- 
defense,^  Neil  R.  Wyler  (edi¬ 
tor),  etal.  (Syngress 
Publishing,  2005). 

This  book  is 
packed  with  sensi¬ 
ble  technical  ap¬ 
proaches  to  ail  ar- 
eas  of  information 
security,  as  well  as 
interesting  scenar¬ 
ios  and  references  to 
some  of  the  newest  tools  and 
technologies.  Since  I  like  wire¬ 
less  security,  I  really  enjoyed 
the  description  of  a  common 
wireless  hacking  scenario. 

And  be  sure  to  check  out 
Chapter  4,  in  which  a  key¬ 
stroke-capturing  program  is 
used  to  compromise  a  VPN 
connection  to  hack  into  a 
pharmaceutical  company. 

This  is  a  must  for  every  securi¬ 
ty  practitioner’s  library. 

-Mathias  Thurman 

Alcatel  Offers 
Quarantine  App 

Alcatel  announced  its  Omni- 
Vista  2770  Quarantine  Man¬ 
ager  for  the  Alcatel  Omni- 
Switch  product  line.  The  tool, 
which  works  with  intrusion- 
detection  and  -prevention 
systems  from  third  parties,  is 
designed  to  defect  attackers 
and  stop  them  by  quarantining 
them  in  a  virtual  LAN  where 
they  can’t  get  access  to  the 
network.  It’s  also  designed  to 
ban  them  from  reconnecting 
to  the  network  even  if  they  try 
to  access  it  from  a  different 
location. 

Lower-Cost  VPN 
Gateway  on  Tap 

AEP  Networks  Inc.  introduced 
the  Netilia  Secure  Safeway 
Appliance  Tunnel,  a  compact, 
preconfigured  VPN  gateway 
that,  at  $2,495 for  25  concur¬ 
rent  users,  is  designed  to  Sow¬ 
er  the  cost  of  entry  for  SSL- 
encrypted  application  access. 
The  product  delivers  high¬ 
speed  performance  while 
providing  secure  access  to 
an  array  of  Windows  applica¬ 
tions,  according  to  AEP. 


Aggressive 
I  Network 
Self-Defense 
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ScanSoft  Releases 
New  PDF  Software 


h  ScanSoft  Inc.  in  Peabody, 
Mass.,  has  released  a  new  appli¬ 
cation  that  creates,  converts,  fills 
and  edits  Portable  Document  For¬ 
mat  files.  ScanSoft  PDF  Convert¬ 
er  Professional  3.0  allows  users 
to  create  PDF  files  from  any  PC 
application,  provides  support  for 
security  and  encryption,  and  in¬ 
cludes  features  such  as  sticky 
notes  and  highlighting  tools,  the 
company  said.  The  FormTyper 
feature  makes  it  possible  to  fill  out 
any  PDF  form  with  a  single  click, 
while  the  PDF  Converter  turns 
existing  PDF  files  into  fully  for¬ 
matted  Microsoft  Word,  Corel 
WordPerfect  or  Microsoft  Excel 
documents.  Pricing  starts  at  $99 
per  user. 


DataFlux  Unveils 
Data  Quality  Tool 

■  DataFlux  Corp.,  a  subsidiary  of 
SAS  Institute  Inc.  in  Cary,  N.C., 
last  week  announced  the  newest 
version  of  its  data  quality  integra¬ 
tion  suite.  Version  7.0  of  the 
DataFlux  Data  Quality  Integration 
Solution  allows  companies  to  en¬ 
force  business  rules  like  address 
standardization,  product  code 
classification  or  identity  matching 
to  applications  and  databases 
that  house  customer,  product, 
supply  chain  or  finance  data,  ac¬ 
cording  to  DataFlux.  The  new 
platform  includes  a  GUI-based 
design  infrastructure  that  allows 
business  and  IT  users  to  build 
processes  to  inspect,  correct,  in¬ 
tegrate  and  enhance  data.  Pricing 
starts  at  $75,000. 


Brocade  Buys  10% 
Of  Tacit  Networks 

■  Brocade  Communications  Sys¬ 
tems  Inc.  in  San  Jose  announced 
last  week  that  it  is  buying  a  10% 
share  of  Tacit  Networks  Inc.  for 
$7.5  million.  Brocade  plans  to 
sell  South  Plainfield,  N.J.-based 
Tacit’s  iShared  wide-area  file¬ 
sharing  software  and  may  even¬ 
tually  integrate  the  product  into 
its  own  storage  switch. 


CURT  A.  MONASH 


Looking  Beyond 
Hie  Big  Three 


F  YOU  WANT  TO  understand  your  technology 
strategy  options,  my  usual  advice  is  that  you 
should  study  Microsoft,  Oracle  and  IBM.  There’s 
hardly  a  software  product  category  in  which  at 
least  one  of  them  isn’t  a  market  leader  and  mar¬ 


keting  trendsetter.  Enter¬ 
prise  applications,  personal 
applications,  operating  sys¬ 
tems,  app  servers,  network 
management,  security,  ana¬ 
lytics,  app  development, 
nontabular  data  types, 
search,  speech  recognition 
—  you  name  it  and  they’re 
there.  And,  of  course,  in 
database  management,  they 
pretty  much  have  divided 
the  whole  market  up 
among  themselves. 

But  despite  the  overwhelming  mar¬ 
ket  power  of  the  Big  Three,  a  few  other 
database  management  systems  vendors 
are  still  standing,  and  there  are  things 
to  be  learned  from  them,  too.  An  inter¬ 
esting  matched  pair  of  such  companies 
is  Progress  Software  Corp.  and  Inter- 
Systems  Corp.,  two  of  the  last  remain¬ 
ing  major  independent  software  ven¬ 
dors  in  the  Boston  area.  Both  started  as 
fourth-generation  language  (4GL)  ven¬ 
dors  but  soon  added  matching  DBMSs, 
which,  at  least  nominally,  provide  the 
bulk  of  their  revenues.  Both  sell  pri¬ 
marily  through  indirect  channels  but 
derive  a  large  minority  of  their  rev¬ 
enues  from  direct  enterprise  sales. 

Both  seem  to  have  decided  that  object- 
oriented  database  and  middleware 
technology  is  the  wave  of  the  future. 
And  that’s  where  the  similarities  end. 

InterSystems  is  the  smaller  and  less 
established  of  the  two.  But  it’s  also  the 
more  interesting  company  right  now, 
thanks  to  an  unusual  DBMS  architec¬ 
ture.  InterSystems’  Cache  database 
manager  has  a  fundamentally  object- 
oriented  design.  That  is,  the  native 
DML/DDL  (Data  Manipulation/ 


Description  Language)  is 
emphatically  object-orient¬ 
ed,  and  the  access  methods 
are  optimized  for  the  stor¬ 
age  and  retrieval  of  entire 
objects.  This  language  is  a 
proprietary  outgrowth  of 
the  Mumps  standard 
(Massachusetts  General 
Hospital  Utility  Multi¬ 
programming  System),  a 
health-care-oriented  4GL. 
Naturally,  Java  and  XML  are 
supported  as  well.  In  addi¬ 
tion,  there  is  a  reasonably  versatile  and 
effective  SQL  overlay. 

InterSystems  would  have  you  believe 
that  the  net  effect  is  blazing  perfor¬ 
mance  in  major  applications,  not  a  lot 
of  performance  penalty  in  add-on  ap¬ 
plications,  all  the  programming  bene¬ 
fits  of  object  orientation  and  only  some 
of  the  drawbacks  of  having  business 
logic  and  data  structure  intertwined. 

A  look  at  InterSystems’  user  base  sug¬ 
gests  there’s  some  truth  to  these  claims. 
Transactional  systems  in  areas  such  as 
trading  floors  and  telephony  billing 
support  the  performance  claims.  The 
Cache  partner  catalog  does  imply  that 
the  heart  of  the  business  is  specialized 
apps  in  areas  such  as  patient  records  — 
but  a  few  complete  back-office  suites 
suggest  that  the  relational  features 
work  at  least  somewhat  as  advertised. 

To  understand  what’s  going  on  under 
the  covers  of  Cache,  recall  that  the  real 
action  in  a  DBMS  usually  takes  place  in 
the  indexing  system.  Like  any  other  ob¬ 
ject-oriented  DBMS,  Cache  essentially 
accesses  data  via  a  tree  structure  that 
mimics  the  object  hierarchy.  In  the  case 
of  Cache,  the  index  is  just  as  object- 
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oriented  as  —  and  indeed  stored  in  the 
same  way  as  —  the  data  itself.  The  tree 
structure,  in  turn,  is  implemented  via 
highly  multidimensional  (and  very 
sparse)  arrays  with  lots  of  possible  sub¬ 
scripts.  The  whole  thing  is  navigated 
via  relational-like  b-trees,  which  Inter¬ 
Systems  insists  are  rigorously  self¬ 
rebalancing.  And  Cache  is  particularly 
fast  at  updating  bit-mapped  column  in¬ 
dices,  a  nice  boost  to  SQL  performance 
for  some  complex  queries. 

Should  you  use  Cache  instead  of 
Oracle  or  DB2?  Probably  only  if  a  huge 
performance  advantage  can  be  proved 
for  a  particular  application.  But  is 
Cache  a  harbinger  of  future  directions 
from  the  big  DBMS  vendors?  Quite 
possibly.  True  object  orientation  and 
complex  XML  are  each  awkward  to 
support  in  classical  relational  struc¬ 
tures,  and  both  Oracle  and  IBM  show 
refreshing  willingness  to  go  beyond 
classical  relational  dogma. 

Progress’  story  can  be  construed  to 
somewhat  corroborate  that  of  Inter¬ 
Systems.  Its  main  business  is  actually 
based  on  a  much  more  conventional  re¬ 
lational  DBMS  and  4GL.  Although  ma¬ 
ture,  that  segment  remains  fully  com¬ 
petitive,  and  Progress  is  vying  with 
Oracle  and  Microsoft  for  “embedded” 
DBMS  market  leadership.  Credit  for 
this  goes  to  Progress’  historical  focus 
on  indirect  sales  and  to  some  historical 
product  advantages,  such  as  a  no-DBA 
RDBMS  and  what  was  once  the  best 
4GL  available.  But  even  so.  Progress’ 
core  techies  now  think  the  future  is  in 
object-oriented  DBMSs  (and  associated 
middleware)  as  well.  And  while  they 
flirted  with  pushing  XML  over  object 
orientation  as  the  post-SQL  DBMS  par¬ 
adigm,  like  InterSystems  they  now  es¬ 
pouse  object  orientation  as  the  data  ar¬ 
chitecture  wave  of  the  future.  ©  54172 
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Speedy  server  deployment.  Just  one  console. 

Now,  Dell™  PowerEdge™  administrators  only  need  one  console  to 
deploy,  manage,  monitor,  patch  and  update  software  and  hardware  for 
Microsoft®  Windows®  and  Red  Hat®  Linux®  environments.  With  all 
those  features  fully  integrated,  Dell  OpenManage  with  Altiris 
Management  Suite  for  Dell  Servers  helps  get  systems  up 
and  running  fast,  saving  IT  time  and  resources. 

Take  some  time  to  see  for  yourself. 

Visit  deil.com/altiris3  today  for  a  demonstration  and  whitepaper. 


Lurking  Liabilities 
In  Security  Law 

Some  laws  and  regulations  get  all 
the  attention,  but  others  that  might 
fall  outside  your  radar  are  just  as 
important.  Here  are  five  legal  issues 
to  watch  out  for  in  the  realm  of 
information  security.  Page  31 


Q&A 

The  End  of  Corporate  IT 

Love  him  or  loathe  him, 
you’ll  want  to  read  what 
Nicholas  Carr  has  to  say 
about  the  (short)  future  of 
your  in-house  IT  group. 

Page  32 
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OPINION 

Management  Controls: 

A  Lost  Art 

Good  management  controls  are  the 
basic  blocking  and  tackling  of  IT,  says 
Bart  Perkins.  Letting  controls  at  your 
company  grow  lax  can  set  you  up  for 
embarrassment  and  failure.  Page  36 


About  25  years  ago, 
Robert  Rosen  and 
his  bosses  were 
engaged  in  “big 
debates”  about  IT 
staffing  levels  at  the 
federal  agency  at 
which  he  was  work¬ 
ing.  To  find  an¬ 
swers,  he  sought 
comparative  num¬ 
bers  from  other  organizations  that 
were  running  similar  systems. 

Rosen  had  already  been  a  member 
of  the  Share  user  group  for  about  a 
decade,  so  he  didn’t  have  to  look  too  far 
to  find  what  he  needed.  Fellow  mem¬ 
bers  supplied  him  with  the  data.  He  as¬ 
sembled  a  full  report  and  sent  it  along 
to  management.  “That  helped  me  sig¬ 
nificantly,”  says  Rosen,  now  a  CIO  in 
the  federal  government.  “That  kind  of 
made  my  reputation  as  [someone  who 
can]  get  outside  our  little  focus  area” 
and  come  up  with  other  perspectives. 

That,  many  say,  is  the  most  important 
of  several  benefits  user  groups  provide 
IT  professionals  and  —  by  extension  — 
their  organizations.  Others  include  net¬ 
working  with  various  IT  professionals, 
getting  the  lowdown  on  the  latest  ven¬ 
dor  releases  and  influencing  vendor  of¬ 
ferings  through  feedback  on  products. 

User  groups  are  increasingly  valuable 
today  as  some  vendors  target  other 
companies  for  merger  or  acquisition. 
“Vendor  consolidation,  such  as  Oracle 
Corp.’s  acquisition  of  PeopleSoft,  has 
[required]  IT  professionals  to  look  to 
user  groups  for  information,”  says  Foad 
Fadaghi,  research  director  in  the  tech¬ 
nology  practice  at  Frost  &  Sullivan  Ltd., 
a  global  business  consulting  firm. 

“IT  professionals  can  use  their  user 
groups  to  understand  what  others  are 
doing  in  the  face  of  consolidation,”  says 
Fadaghi,  noting  that  information  about 
how  peers  are  dealing  with  migration, 
account  management  and  integration 
issues  “can  empower  the  buyer.” 

Groups  also  advocate  for  users  dur¬ 
ing  a  takeover  by  “kind  of  waving  the 
flag,  saying  ‘Don’t  forget  about  us!’  ” 


says  Julie  Silverstein,  chief  operating 
officer  at  SmithBucklin  Corp.  in  Chica¬ 
go.  SmithBucklin  provides  manage¬ 
ment  and  professional  services  to 
about  20  user  groups,  including  En¬ 
compass,  Share,  the  Americas’  SAP 
Users’  Group  and  InSight. 

And,  as  the  Quest  International 
Users  Group  discovered  earlier  this 
year,  vendors  listen.  Quest  focuses  on 
PeopleSoft  World  and  J.D.  Ed¬ 
wards’  Enterprise  One  soft¬ 
ware,  and  since  Oracle  bought 
PeopleSoft  in  January,  “there 
has  been  a  lot  of  interest  [from 
Oracle]  in  what  customers  think,” 
says  Quest  President  Fred 
Pond.  Pond  is  also  director 
of  information  services  at 
Schnitzer  Steel  Industries 
Inc.  in  Portland,  Ore. 

Fadaghi  says  an  IT  profes¬ 
sional  who  is  looking  to  join  a 
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As  of  last  September,  there  were  1,428  com¬ 
puter  user  groups  in  the  U.S.,  according  to 
SoftPressRelease.com,  an  international  press¬ 
release  distributor  for  IT  media.  Here  are  the 
basics  on  six  of  them: 

Share 

Focus  area:  IBM  products  for  IT  profession¬ 
als.  Originally  focused  on  mainframe  pro¬ 
gramming  but  has  evolved  to  include  areas 
such  as  AIX,  Linux,  application  develop¬ 
ment,  security,  integration  and  management. 
Founded:  1955 
Members:  More  than  15,000 
Major  event:  Semiannual  Share  User 
Events 

www.share.org 

Americas’  SAP 
Users’  Group  (ASUG) 

Focus  area:  SAP's  enterprise  resource 
planning  software. 

Founded:  1991 
Members:  45,000 

Major  event:  ASUG  Annual  Conference  & 
Vendor  Fair 

www.asug.com 

InSight 

Focus  area:  McKesson  technologies  for 
the  health  care  industry,  including  hospital¬ 
wide  resource,  revenue,  clinical  and  auto¬ 
mation  systems. 

Founded:  1994 
Members:  3,500 

Major  event:  InSight  Annual  Conference 

www.insight-net.org 

Encompass 

Focus  area:  Hewlett-Packard  technologies 
(and  legacy  Compaq  and  Digital  products), 
including  Linux,  storage,  HP-UX,  Tru64 
Unix,  OpenVMS,  Enterprise  Windows 
Servers,  security  and  networking. 

Founded:  1961  (formerly  known  as  DECUS) 
Members:  More  than  10,000 
Major  event:  HP  Technology  Forum 
www.encompassUS.org 

International  Oracle 
Users  Group  (IOUG) 

Focus  area:  Oracle  technologies 

<  Founded;  1993 

*  Members:  14,000 

•  Major  event:  IOUG  Live 
www.ioug.org 
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Quest  International 
Users  Group 

v  Focus  area:  PeopleSoft  World  and  J.D. 
Edwards  Enterprise  One  software 

■  Founded:  1995 
Members:  More  than  8,000 
Major  event:  Quest  Conference  &  Expo 

www.questdirect.org 


user  group  should  determine  the  value 
he  can  derive  from  it.  Things  to  look 
for  include  independent  speakers  at 
events,  high  levels  of  member  partici¬ 
pation  and  testimonials  from  peers. 

Here’s  a  look  at  four  representative 
user  groups: 

1  Encompass 

A  Hewlett-Packard  Co.  user 
group,  Encompass  is  no 
stranger  to  mergers,  having 
lived  through  HP’s  purchase 
of  Compaq  in  2002  and,  four 
years  earlier,  Compaq’s  acquisition  of 
Digital  Equipment  Corp.  (Encompass 
was  formed  in  1961  as  DECUS,  a  user 
group  for  Digital  products.)  Many  of  its 
more  than  10,000  members  come  from 
the  technical  side  of  IT,  though  many 
are  influential  enough  in  their  organi¬ 
zations  that  they  report  to  the  IT  direc¬ 
tor  or  the  CIO,  says  Kristi  Browder,  di¬ 
rector  of  IT  at  Silicon  Laboratories  Inc. 
in  Austin  and  Encompass’  president. 

Like  most  user  groups,  Encompass 
sponsors  annual  events  and  local  chap¬ 
ter  meetings  where  members  can  ex¬ 
change  IT  knowledge,  Browder  says. 

It  has  also  started  using  the  Web  as  a 
vehicle  to  enhance  interaction.  For  ex¬ 
ample,  Encompass  hosts  a  monthly  we¬ 
bcast  on  a  chosen  issue  (a  recent  topic: 
concepts  in  storage-area  network  de¬ 
sign)  and  touts  four  special  interest 
groups  —  focusing  on  enterprise  Unix, 
OpenVMS,  enterprise  storage  and  Lin¬ 
ux  —  in  which  users  can  learn  more 
about  HP  technologies  and  help  one 
another  solve  problems. 

2  Share 

In  1955,  two  years  after 
IBM  released  its  first 
computer,  Share  became 
the  world’s  first  user 
group.  Its  member  list  of 
more  than  2,000  organizations  in¬ 
cludes  most  of  the  Fortune  500,  along 
with  universities  and  colleges  and  fed¬ 
eral,  state  and  local  government  orga¬ 
nizations.  Each  of  the  group’s  semi¬ 
annual  conferences  offers  five  to  seven 
sessions  daily,  and  the  information 
sharing  continues  into  the  evenings  at 
social  events,  Rosen  says. 

Over  the  years,  he  has  heard  stories 
of  how  Share  conferences  have  helped 
solve  members’  problems  or  boosted 
careers.  Rosen  tells  of  a  member  who 
came  to  a  conference  despite  a  costly 
technical  problem  she  was  facing  at 
the  office  that  would  probably  take 
two  to  three  months  to  solve.  After 
taking  in  a  session,  she  sought  out  the 
speaker,  who  wrote  down  a  few  lines 
of  code  that  saved  her  company  more 


than  $100,000  in  code  modification. 
“It’s  the  little  things  that  are  really  the 
big  payoffs,”  Rosen  says. 

3  Americas’  SAP 

Users’  Group  (ASUG) 

Fifteen  years  ago,  German 
software  maker  SAP  AG 
trained  its  sights  on  the 
Western  Hemisphere  for 
its  ERP  products.  At  SAP’s  annual 
conference,  a  group  of  U.S.  attendees 
decided  to  form  a  users’  group,  some¬ 
thing  the  organizers  and  the  vendor 
felt  would  help  SAP’s  efforts,  accord¬ 
ing  to  the  group’s  current  president, 
Karen  Chirico,  who  is  also  manager  of 
Honeywell  Corp.’s  Aerospace  Financial 
Center  of  Excellence  in  Phoenix. 

The  group  and  SAP  agreed  that  they 
needed  to  band  together.  SAP  wanted 
to  learn  how  business  works  in  the  U.S., 
Chirico  says.  On  the  user  side,  she 
adds,  “the  Americas  had  absolutely  no 
concept  of  what  an  ERP  system  was.” 

Today,  ASUG  has  more  than  30,000 
members,  covering  about  three  quarters 
of  SAP  Americas’  customer  base.  The 
annual  spring  conference  provides  op¬ 
portunities  for  face-to-face  interaction, 
and  there’s  also  a  Web-based  member 
network  in  which  a  member  with  a  prob¬ 
lem  can  outline  it  in  hopes  of  finding  an¬ 
other  member  who  can  help  him  solve  it. 

4  InSight  ~ 

As  health  care  organiza¬ 
tions  deal  with  issues  of 
cost  control,  managed 
care  and  patient  privacy, 
they  lean  more  heavily 
on  technology.  That’s  where  a  group 
such  as  InSight  can  play  a  key  role,  ac¬ 
cording  to  Cyndi  Jones,  InSight’s  presi¬ 
dent  and  CIO  at  St.  Luke’s  Health  Net¬ 
work  in  Bethlehem,  Pa.  “In  this  envi¬ 
ronment,  where  there’s  so  much  [going 
on  in  IT],  the  value  of  this  user  group 
is  that  you  can  really  optimize  the 
products  faster,”  she  says. 

InSight  represents  customers  of 
McKesson  Provider  Technologies,  a 
subsidiary  of  health  care  IT  vendor 
McKesson  Corp.  Membership  has 
increased  10%  to  15%  in  the  past  two 
years  as  a  result  of  increased  industry 
investment  in  IT,  according  to  Jones. 
Despite  the  group’s  independence, 
McKesson’s  involvement  has  been 
“very  intense  and  very  collaborative,” 
as  well  as  quite  supportive,  providing 
money  for  various  functions  and  speak¬ 
ers  for  group  events,  Jones  says. 

InSight  holds  an  annual  conference 
and  trade  show  that  draws  about  3,500 
to  4,000  attendees  and  is  growing  each 
year.  It  also  provides  members  with  an 


opportunity  to  become  involved  with 
committees  and  projects.  In  addition, 
members  take  an  active  role  in  moni¬ 
toring  online  discussion  boards  on  the 
group’s  Web  site. 

User  Group/Vendor  Tango 

There  was  a  time  when  user  groups 
and  IT  vendors  had  testy  relationships, 
SmithBucklin’s  Silverstein  says.  But  to¬ 
day,  both  sides  realize  that  they  need 
each  other.  And  while  organizations 
that  pay  for  employees’  user  group 
memberships  expect  a  return  on  that 
investment,  “vendors  today  want  an 
ROI  too,”  Silverstein  says. 

Vendors  see  user  groups  not  just  as 
sales  vehicles,  but  also  as  feedback 
mechanisms,  she  explains.  The  vendors 
provide  speakers  for  group  events  and 
attend  trade  shows,  looking  beyond 
sales  and  marketing  opportunities  for 
focused  feedback  on  products. 

User  groups  are  “a  big  part  of  our 
investment  each  year,”  says  David 
Parsons,  vice  president  of  Americas 
enterprise  marketing  at  HP.  The  four 
groups  HP  works  with  are  “invaluable 
constituent  communities”  that  provide 
a  broad  range  of  perspectives  and 
ideas,  so  “we  want  to  preserve  and 
protect  that,”  he  says. 

For  users,  regular,  face-to-face  meet¬ 
ings,  ongoing  forums  and  Internet 
bulletin  boards  are  all  useful,  says 
Fadaghi  at  Frost  &  Sullivan.  And  in  the 
future,  he  says,  “more  of  these  meet¬ 
ings  will  be  global  and  facilitated 
through  videoconferencing,  webinars 
and  chat  rooms.” 

Regardless  of  the  vehicle,  members 
cite  the  personal  interaction  in  helping 
solve  a  work-related  problem  that  you 
can’t  get  from  a  book  and  might  not  get 
from  a  class  costing  hundreds  of  dol¬ 
lars  more.  “The  most  important  return 
on  investment  is  your  ability  to  help 
the  company,”  says  Silverstein.  “The 
payback  has  got  to  be  in  your  job.  If 
you  work  for  a  corporation,  the  things 
that  you  learn  are  just  tremendous.” 

Your  organization  expects  you  to 
know  the  technology,  Share’s  Rosen 
adds.  So  calling  on  a  peer  network  that 
comes  from  a  user  group  can  help  keep 
the  organization  humming,  keep  you 
employed  and  possibly  help  advance 
your  career.  These,  he  says,  “are  the 
really  big  payoffs.”  ©  59380 

Saia  is  a  business  technology  writer  and 
editor  in  Shrewsbury,  Mass. 

HELP  FOR  MIDMARKET  USERS 

The  Quest  user  group  serves  IT  pros  in  the  midmarket: 
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Five  new  legal  issues  in  security  can 
cause  trouble  forthe  unwary  CIO. 


CIOs  HAVE  A  NEW  NAME  TO  KNOW: 
ZUBULAKE.  And  if  they  don’t,  they 
could  be  heading  for  trouble. 

Zubulake  is  shorthand  for  the  case  of 
Zubulake  v.  UBS  Warburg  LLC,  which 
was  heard  recently  in  a  federal  court  in 
New  York.  The  court’s  decisions  in 
that  case  established  new  standards  for 
retaining  electronic  data. 

“The  courts  are  increasingly  de¬ 
pending  on  companies  and  their 
lawyers  to  produce  electronic  evi¬ 
dence  and  to  make  sure  it’s  not  de¬ 
stroyed,”  says  Adam  Rosman,  a  lawyer 
at  Zuckerman  Spader  LLP  in  Washing¬ 
ton.  “It  was  an  obligation  that  didn’t 
previously  exist.” 

CIOs  have  had  to  contend  with 
hackers,  worms  and  viruses  for  years. 
And  they’re  getting  a  handle  on  new 
federal  regulations  that  set  additional 
security  requirements.  But  even  veter¬ 
an  IT  executives  may  be  ignorant  of 
some  crucial  aspects  of  security  law, 
like  the  requirements  coming  out  of 
the  Zubulake  case,  lawyers  say. 

These  security  measures,  while  im¬ 
portant  legally,  fail  to  attract  adequate 
attention  because  they’re  evolving 
standards,  they’re  mixed  in  with  re¬ 
sponsibilities  traditionally  handled  by 
other  executives,  or  they’re  simply 
downplayed  by  the  executive  suite. 

But  CIOs  need  to  make  these  new 
obligations  a  priority  or  live  with  in¬ 
creased  risk  of  legal  action.  “There  is 
some  important  work  to  be  done  to 


bring  the  CIO  and  the  security  officers 
up  to  speed,”  says  J.  Beckwith  Burr,  a 
partner  at  Wilmer  Cutler  Pickering 
Hale  and  Dorr  LLP,  which  has  head¬ 
quarters  in  Boston  and  Washington. 

Here  are  five  security  concerns  that 
might  have  eluded  some  CIOs: 

1A  THREAT  OF  LEGAL  OR  REGULA¬ 
TORY  ACTION  against  your  com¬ 
pany  should  spur  you  to  adopt 
more-conservative  data-reten- 
tion  procedures.  This  is  just  as 
important  as  abiding  by  the  rules 
for  data  storage  that  have  emerged 
from  the  Zubulake  case  and  better- 
known  mandates,  such  as  the  Sarbanes- 
Oxley  Act.  “When  you  get  wind  that 
someone  might  be  thinking  of  suing 
you,  you  have  to  immediately  change 
your  document  destruction  proce¬ 
dures  so  you  don’t  destroy  anything 
that  might  be  evidence,”  says  Stuart 
Meyer,  a  partner  at  Fenwick  &  West 
LLP  in  Mountain  View,  Calif.  “You  can 
be  sanctioned  to  the  tune  of  millions  of 
dollars  —  and  many  companies  have 
—  because  they  didn’t  suspend  their 
normal  procedures.” 

2  SECURITY  THREATS  FROM 

EMPLOYEES  represent  anoth¬ 
er  often-overlooked  risk  that 
could  land  CIOs  and  compa¬ 
nies  in  legal  trouble.  Some 
employees  act  maliciously, 
but  others  are  duped.  For  example,  a 


federal  report  released  earlier  this  year 
found  that  35  out  of  100  managers  and 
employees  of  the  Internal  Revenue 
Service  provided  their  network  log-on 
names  and  temporarily  changed  their 
passwords  when  asked  to  do  so  by  U.S. 
Department  of  the  Treasury  inspectors 
posing  as  computer  technicians. 

Companies  have  an  obligation  to  se¬ 
cure  their  information,  even  from  their 
own  employees,  says  Robert  M.  Weiss,  a 
partner  at  Neal,  Gerber  &  Eisenberg 
LLP  in  Chicago.  For  example,  if  an 
unauthorized  employee  accessed  an¬ 
other  employee’s  personnel  file,  officers 
and  the  company  itself  could  be  sued. 


3  CORPORATE  RELATIONSHIPS 
WITH  THIRD-PARTY  SERVICE 
PROVIDERS  also  present 
potential  legal  problems, 
lawyers  say.  For  example, 
most  contracts  today  limit 
the  liability  of  outsourced  providers  to 
the  cost  of  the  contract.  “So  if  there  is  a 
security  meltdown,  contractually  the 
vendor  isn’t  responsible,”  Burr  says. 
That  means  that  regulators,  sharehold¬ 
ers  or  corporate  clients  could  go  after 
the  company  —  not  the  provider  —  if 
there  were  a  breach. 

“The  question  is  how  you  meld  your 
legal  and  procurement  function  with 
your  IT  function  with  your  privacy  op¬ 
erations  and  your  security  operations,” 
Burr  says.  “There’s  a  lot  of  communi¬ 
cation  that  needs  to  go  on  to  make  sure 
all  the  bases  are  being  covered.” 


A  Culture 
Of  Security 


Attorneys  and  other  legal  experts  caution 
that  the  best  defense  against  being 
caught  unaware  on  security  law  is  to 

nto  the  culture  of  your 
i  ways  to  work 


4  CHANGES  IN  BEST  PRACTICES 

have  come  quickly  with  new 
laws,  regulatory  require¬ 
ments  and  court  decisions, 
and  the  implications  could 
go  well  beyond  initial  expec¬ 
tations.  Take,  for  example,  federal  laws 
such  as  the  Gramm-Leach-Bliley  Act, 
the  Health  Insurance  Portability  and 
Accountability  Act  and  Sarbanes- 
Oxley.  They  have  security  mandates 
for  specific  segments  of  the  economy: 
financial  services,  the  health  care  in¬ 
dustry  and  public  companies. 

But  these  and  other  laws  set  “stan¬ 
dards  of  care”  that  courts  everywhere 
might  rule  apply  to  all  companies  — 
even  those  not  specifically  covered  by 
the  laws,  Meyer  says. 

“The  general  notion  is  if  you  act  as 
a  reasonable  person  would  act,  you 
shouldn’t  be  held  liable,”  says  Greg 
Lippetz,  a  partner  at  Boston-based 
Bingham  McCutchen  LLP.  “But  ‘rea¬ 
sonable’  today  is  different  than  three 
years  ago.  The  bar  is  rising.” 


5  DOUBLE-EDGED  AUDITS  also 
pose  a  challenge.  Most  CIOs 
know  that  security  standards 
are  changing,  and  many  use 
audits  to  find  holes  in  their 
companies’  policies  and  pro¬ 
cedures.  But  audits  themselves  can 
cause  legal  trouble  if  companies  don’t 
follow  up  quickly  on  the  results. 

“If  you  have  knowledge  of  a  security 
gap  and  you  don’t  correct  it  and  some¬ 
thing  happens,  it’s  hard  to  escape 
liability,”  says  David  MacDonald,  a 
New  York-based  partner  at  Kirkland 
&  Ellis  LLP. 


On  the  other  hand,  companies  that 
fail  to  make  reasonable  efforts  to  find 
security  gaps  may  also  be  liable. 

That’s  why  CIOs  need  to  get  crack¬ 
ing,  lawyers  say.  They  must  educate 
other  executives  about  the  legal  need 
to  meet  these  new  standards  so  they 
can  get  the  money,  time  and  staff  they 
need  to  do  the  job. 

“The  most  effective  way  to  address 
security  within  a  company  is  to  take  a 
very  practical  approach  where  you  get 
executive  buy-in  and  the  resources  you 
need  to  educate  folks,  deploy  the  tech¬ 
nology,  monitor  it  and  reconstruct 
what  happened  if  you  have  breaches,” 
says  Karen  L.  Casser,  a  partner  at  Sym- 
bus  Law  Group  LLC  in  Washington. 
“That  way,  you  put  your  company  in  a 
position  to  argue  that  you  did  your  due 
diligence.”  C  53960 


Pratt  is  a  Computerworld  contributing 
writer  in  Waltham,  Mass.  Contact  her  at 
marykpratt@verizon.net. 
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OF  CORPORATE  IT 


Nicholas  Carr  is  at  it  again.  This  time, 
he  envisions  a  future  where  IT  has 
gone  the  way  of  the  electric  generator. 


Nicholas  G.  Carr 

In  the  spring  issue 
of  the  MIT  Sloan 
Management  Re¬ 
view,  Nicholas  6. 
Carr  continues  his 
controversial  writ¬ 
ings  about  the  fu¬ 
ture  of  IT.  His  ideas 
have  been  vilified 
and  embraced,  but 
no  one  has  called  them  boring.  This 
time,  he  told  Computerworld’s  Kath¬ 
leen  Melymuka  that  the  corporate  IT 
department  is  an  idea  whose  time 
has  almost  gone. 


instances  of  hosted  applications,  like 
Salesforce.com  or  one  company  host¬ 
ing  another’s  Web  sites.  It’s  easy  to  be¬ 
lieve  this  is  a  fragmented  phenomenon 
that  will  have  a  bunch  of  companies 
providing  a  limited  number  of  out¬ 
sourced  services. 

I  believe  it’s  a  much  bigger  wave  of 
change  in  that  today’s  entire  model  of 
business  computing  is  built  around 
fragmentation  of  basic  assets  —  every¬ 
one  having  to  buy  what,  in  many  cases, 
is  similar  equipment  and  software.  All 
that  stuff  will  ultimately  be  centralized 
outside  companies,  and  that  will  lead 
to  much  greater  efficiency  that  will 
translate  into  lower  costs  and  greater 
reliability  for  users. 


You  call  your  article  “The  End  of  Corporate 
Computing.”  Why?  Up  till  now,  it’s  been 
assumed  that  companies  have  to  own 
the  basic  assets  involved  in  computing. 
I  think  we’re  moving  to  a  time  when 
that  assumption  will  be  overturned 
and  those  assets  will  begin  moving 
from  within  companies  to  more  cen¬ 
tralized  utility  suppliers. 

It’s  a  shift  similar  to  what  we  saw 
100  years  ago,  when  all  manufacturers 
maintained  their  own  electric  genera¬ 
tors  to  power  machinery.  Over  20  or  30 
years,  they  shut  down  those  generators 
and  began  to  buy  electricity  from  utili¬ 
ties.  Just  as  today  we  wouldn’t  talk  in 
terms  of  corporate  electricity  genera¬ 
tion,  I  think  tomorrow  we  won’t  talk  in 
terms  of  corporate  computing. 

There  has  been  lots  of  discussion  over  the 
past  few  years  about  utility  computing. 
What’s  different  about  your  take  on  it?  I  try 

to  look  at  the  economics  of  business 
computing  as  opposed  to  the  technol¬ 
ogy  of  utility  computing  itself.  I  argue 
that  up  till  now,  a  lot  of  the  utility  com¬ 
puting  discussion  looked  at  isolated 


Assuming  you’re  right,  this  is  more  of  a  grad¬ 
ual  evolution  than  a  “sky  is  falling”  event, 
right?  Absolutely.  We’re  not  going  to 
wake  up  tomorrow  and  get  all  our 
computing  requirements  through  a 
socket  in  the  wall.  It  will  take  a  couple 
of  decades  for  this  to  roll  out.  It’s  a 
matter  of  utility  suppliers  slowly  build¬ 
ing  up  enough  scale  and  enough  exper¬ 
tise  that  they  can  replace  ever  larger 
internal  data  centers. 

It  tends  to  start  with  smaller  compa¬ 
nies  that  find  it  difficult  to  buy  and 
maintain  their  own  systems.  Those  are 
the  first  ones  to  move  to  a  utility  mod¬ 
el.  As  the  utility  model  gains  greater 
efficiency,  it  will  get  scale  advantages 
over  larger  corporate  IT  functions. 

The  utility  model  brings  dependence  on  a 
single  vendor,  which  reasonably  worries  IT 
folks.  How  would  you  keep  the  utility  honest? 

That’s  a  good  question,  because  be¬ 
yond  the  interests  of  individual  users, 
there’s  a  danger  of  too  much  of  this 
very  important  infrastructure  falling 
into  the  hands  of  too  few  companies. 

It’s  critical  that  there  continues  to  be 


competition  both  at  the  level  of  the 
utility  and  of  component  suppliers  to 
the  utility.  Don’t  think  hardware  and 
software  companies  will  go  away; 
they’ll  just  shift  from  supplying  the 
user  to  supplying  the  utility  company. 
So  it’s  critical  at  the  highest  level  to 
ensure  strong  competition  between  all 
those  parties.  Eventually,  as  with  elec¬ 
tricity,  it  may  require  the 
government  moving  in  to 
ensure  that  there  isn’t  too 
much  consolidation. 

At  the  individual  company 
level,  there  are  certain  risks 
involved  in  consolidating 
your  assets  with  one  supplier,  but  also 
considerable  gains.  Ultimately,  those 
advantages  of  getting  rid  of  the  respon¬ 
sibility  for  expensive,  finicky  assets 
will  come  to  overwhelm  fears  of  letting 
somebody  else  run  this. 

Looking  at  the  electricity  analogy,  electricity 
doesn’t  involve  the  kind  of  security  risks  in¬ 
herent  in  data  transfer.  How  does  security  fit 
into  this  picture?  I  think  that  ultimately 
centralizing  control  over  a  lot  of  the 
basic  IT  infrastructure  will  actually  in¬ 
crease  the  level  of  security  over  the 
current  highly  fragmented  and  distrib¬ 
uted  model.  Where  IT  is  more  distrib¬ 
uted,  it’s  more  vulnerable  in  many 
ways.  One  of  the  advantages  of  a  utility 
model  is  that  the  entire  success  and 
fate  of  the  utility  hinges  on  its  ability  to 
maintain  security. 

Having  said  that,  there  are  certainly 
different  security  issues  when  you 
have  consolidation  of  data,  and  at  a 
technology  and  policy  level,  it’s  going 
to  take  some  innovations  and  advances 
to  get  to  the  level  of  security  necessary 
for  really  large-scale  utilities  to  emerge. 
But  over  time,  economics  will  drive 
those  and  it  will  happen. 

You  say  an  outside  supplier  will  take  respon¬ 
sibility  for  all  of  a  company’s  IT  requirements 
-  from  infrastructure  and  storage  to  applica¬ 
tions.  Isn’t  that  like  expecting  the  power 
company  to  also  supply  your  light  bulbs,  TV 
and  vacuum  cleaner?  Not  really.  A  key 
difference  [between  electricity  and  IT] 
is  the  number  of  layers  of  applications, 
and  I  don’t  mean  just  application  soft¬ 
ware.  With  electricity,  you  had  genera¬ 
tion  and  uses  that  had  to  take  place 
locally  —  like  the  vacuum.  With  IT, 
there’s  the  basic  infrastructure,  then 
a  layer  of  application  software  that  can 
increasingly  be  run  remotely.  Then  how 
the  outputs  of  that  application  software 
are  used  by  companies  —  that’s  the 
“vacuum”  layer  that  will  stay  local. 

Companies  will  still  have  to  figure 
out  how  to  best  use  the  information  in 


software  applications  and  how  to  adapt 
processes  and  do  all  the  stuff  that  you 
need  to  do  today.  The  difference  is  that 
someone  else  can  worry  about  all  the 
underpinning. 

In  your  vision,  does  anything  recognizable  as 
IT  still  exist?  Under  this  model,  what  we 
now  call  an  IT  department  is  unlikely 
to  continue  to  exist  in  its 
present  form,  but  I  think 
you’ll  still  need  people  that 
combine  deep  technical 
knowledge  with  strong  busi¬ 
ness  and  process  knowledge, 
because  there  is  still  going 
to  be  a  need  for  that  person  who  can 
translate  everything  you’re  buying 
from  outside  providers  and  interface 
that  to  your  own  processes. 

If  you  make  the  assumption  that  re¬ 
cently  IT  departments  have  begun  to 
shift  to  more  of  a  process  and  business 
focus,  in  some  ways  this  will  be  a  con¬ 
tinuation  of  that  shift.  ©  53976 


TO  THE  DEBATE? 


Get  Over  Yourself 
In  a  Q&A  based  on  his  article 
in  Harvard  Business  Review, 
Carr  argues  that  IT  has  become 
so  pervasive  that  it  offers  little 
strategic  advantage. 

MAY  12, 2003 
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IT  Does  So  Matter! 

A  virtual  roundtable  of  IT 
experts  rebuts  Carr's  argument. 
JULY  7, 2003 
©  QuickLink  39375 


Speakers  Clash  in  Spirited 
Debate  Over  IT  Relevance 
Bob  Metcalfe  and  Carr  square 
off  at  the  Premier  100  IT  Leaders 
Conference  on  the  question  of 
whether  IT  really  offers  compa¬ 
nies  a  competitive  advantage. 
MARCH  15. 2004 
©  QuickLink  45408 


Reflections  on 
Turbulent  Times 
A  short  interview  with  Carr  about 
the  continuing  controversy  over 
his  article  and  subsequent  book. 
MAY  17, 2004 
©  QuickLink  46433 
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DANGEROUS  MINDS 

Nicholas  Carr  discusses  the 
sometimes  hostile  responses 
to  his  ideas: 
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WE  KEEP  YOUR  PEOPLE  MOVING 
WITHOUT  SHAKING  THINGS  UP 
AT  THE  OFFICE. 


IP  Telephony 


Contact  Centers 
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Services 
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Soon,  over  99  million  employees  worldwide  will  be  working  outside  the  office.’  Is  your  communications 
infrastructure  ready?  It  will  be  with  Avaya  IP  Telephony.  Give  your  employees  the  capability  to  work  from  the 
road,  at  home,  anywhere  — with  advanced  solutions  that  are  easy  to  use  and  simple  to  maintain. 

Keep  your  existing  network  up  and  running.  Avaya  lets  you  leverage  your  existing  technology  in  a  multi-vendor 
environment,  so  you  can  migrate  your  IP  deployment  with  confidence. 

Secure?  Absolutely.  Our  industry-leading,  end-to-end  media  encryption  protects  each  IP  call.  Avaya  experts  help 
you  design,  seamlessly  implement,  manage,  and  maintain  your  network  for  fully  optimized  performance.  As  the 
award-winning  leader  in  IP  telephony,2  and  with  our  unique  approach  of  embedding  communications  at  the  heart 
of  your  business,  Avaya  is  the  perfect  partner  to  help  keep  your  people  connected,  no  matter  where  they  are. 

GET  STARTED  AT  WWW.AVAYA.COM/MOVING-WITH  A  FREE  WHITE  PAPER 
“BEST  PRACTICES  FOR  IP  DEPLOYMENT  IN  A  MULTI-VENDOR  ENVIRONMENT.” 

Or  call  1-866-697-5566  to  speak  to  a  representative. 
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The  Lake  Wobegon  Effect 


Letters  of  recommendation  are 
standard  for  job  applications, 
but  are  they  really  useful?  They 
are  if  you  know  howto  read  them,  says 
Mike  Aamodt,  an  organizational  psy¬ 
chologist  at  Radford  University  in  Rad¬ 
ford,  Va 

Naturally,  job  applicants  ask  some¬ 
one  for  a  recommendation  only  if  they 
think  it's  going  to  be  positive.  Aamodt 


key  to  deciphering  the  reference  letter 
is  to  break  it  down  into  the  key  words  or 
traits  used  to  describe  the  candidate.  If 
an  applicant  is  called  “accurate,"  “de¬ 
tailed"  and  “careful,”  that  could  be  a 
good  sign,  because  those  are  positive 
indicators  for  certain  types  of  jobs.  On 
the  other  hand,  referring  to  a  person  as 
“creative”  or  saying  he  “works  fast"  may 
send  a  completely  different  message. 


says  that  of  nearly  6,800  different  refer-  “If  you  are  trying  to  build  a  team,' 


ence  ratings  he’s  studied,  96%  placed 
the  candidates  above  average.  “It’s  like 
Lake  Wobegon,  where  Garrison  Keillor 
says  that  all  children  are  above  aver¬ 
age,"  says  Aamodt. 

“Nevertheless,”  he  adds,  “reference 
letters  can  provide  valuable  insight 
about  a  candidate  if  read  correctly.”  The 


Aamodt  suggests,  “look  for  words  [or 
phrases]  like  ‘agreeable’  and  ‘gets 
along  with  others.’" 

Aamodt  presented  his  findings  re¬ 
cently  at  the  annual  meeting  of  the  So¬ 
ciety  for  Industrial  and  Organizational 
Psychology  in  Los  Angeles. 

-Mitch  Betts 


Q&A 


Karen  M. 
Rubenstrunk 


TITLE: 

Senior  client  partner 

COMPANY: 

Korn/Ferry  International, 
Tysons  Corner,  Va. 


Having  recently  decamped 
from  the  former  Meta  Group, 
where  she  spent  10  years 
providing  counsel  and  advice 
to  Fortune  500  CIOs, 
Karen  M.  Rubenstrunk  is 
still  interested  in  what’s 
going  on  at  the  top  of  the  IT 
organizational  food  chain  in 
her  new  role  at  executive 
recruitment  firm  Korn/Ferry. 
She  spoke  with  contributing 
editor  Jamie  Eckle. 


What  are  companies  telling  you  that 
they’re  looking  for  in  senior  IT  leaders 
these  days?  Have  the  must-have  char¬ 
acteristics  changed  in  recent  years? 

The  must-haves  haven’t  changed.  I  have  a 
tendency  to  be  fairly  cynical  about  this 
idea  that  the  CIO  has  suddenly  become  a 
business  leader,  needs  to  be  from  the 
business,  technology  is  secondary,  etc. 
The  reason  I  am  cynical  is  that  the  job  de¬ 
scription  for  most  CIOs  reads  fairly  close 
today  to  what  it  did  two  years  ago. 

What  is  different,  however,  is  which 
skills  are  at  the  top,  which  skills  are  being 
tested  the  hardest  through  the  interview¬ 
ing  process,  and  the  percentage  of  clients 
actually  hiring  to  the  job  spec.  Clients 
want  a  multifaceted  executive  who  has  the 
business  acumen  to  run  a  business  unit 
whose  products  and  services  are  technol¬ 
ogy-based.  Communications  skills,  rela¬ 
tionship  management  skills  and  financial 
(read:  value)  analysis  skills  have  moved  to 
the  top  of  the  list.  From  an  interviewing 
perspective,  clients  are  looking  for  indica¬ 
tions  of  resiliency,  incredibly  crisp  com¬ 
munications  and  passion.  I  believe  this  is 
happening  for  two  reasons:  1)  The  CIO  to¬ 
day  is  much  more  involved  in  maximizing 
the  effectiveness  of  end-to-end  integrated 
business  processes.  That  means  that  the 
executive  must  be  able  to  play  cheer¬ 
leader  and  chief  negotiator  across  multi¬ 
ple  business  units.  And  2)  CEOs  are  be¬ 
ginning  to  recognize  their  own  role,  and 
the  role  of  their  executive  team,  in  the 
success  of  the  technology  investment. 


KAREN  M.  RUBENSTRUNK 
ON  CIO  HIRING  . . . 


The  CIO  hiring  pendulum 
seems  to  be  swinging  back 
from  business  to  technology. 

It  may  be  that  technology  is  too 
complex,  and  the  impact  too 
great,  to  risk  failures  because 
of  poor  IT  negotiation  skills  or 
inadequate  understanding  of 
technical  architecture  and 
integration  issues. 

Any  difficulty  in  finding  candidates  who 
have  the  qualities  companies  are  looking 
for?  Yes,  it  is  a  seller's  market  right  now.  If 
you  think  about  it,  a  great  CIO  is  a  great 
CEO:  an  executive  who  is  responsible  for 
setting  a  compelling  vision  for  the  future 
while  at  the  same  time  assuring  that  day- 
to-day  operational  excellence  provides  the 
opportunity  to  be  in  business  in  the  future. 
You’re  talking  about  an  executive  who  is  an 
excellent  communicator,  both  strategic  and 
tactical,  and,  oh  by  the  way,  also  has  deep 
understanding  for  the  power  of  technology. 
So  if  you  look  at  it,  it’s  as  hard  to  find  that 
perfect  CEO  as  it  is  to  find  that  perfect  CIO. 
If  you  access  our  research  on  CEO  and  CIO 
profiles,  you’ll  see  that  the  profiles  of  the 
most  successful  CEOs  and  CIOs  are  quite 
similar  -  a  great  leader  is  a  great  leader. 

Now,  on  a  more  concrete  note,  we  have 
had  50  CIO  searches  open  up  in  one  of  our 


verticals  alone  within  the  last  24  months. 
The  demand  is  outstripping  supply.  As  a  re¬ 
sult,  I  have  noticed  a  much  greater  willing¬ 
ness  on  behalf  of  CEOs,  CFOs  and  COOs  to 
be  coached  in  how  to  construct  the  job  so 

l  as  to  attract  the  right  candidate. 

I 

I  What’s  the  level  of  CIO  turnover  these 
days?  It’s  about  the  same  as  it  has  been. 
Again,  having  spent  10  years  hip-deep  in 
working  with  CIOs,  I  had  a  hard  time  be¬ 
lieving  that  C/O  ever  meant  “career  is 
over”  or  that  the  average  tenure  of  CIOs 
was  24  months.  I  believe  it  is  actually 
[  more  stable  than  the  press  reports.  How¬ 
ever,  I  also  know  from  professional  and 
personal  contacts  that  many  more  CIOs 
are  looking  to  change  companies  within 
the  next  year.  I  believe  there  is  a  growing 
sense  of  “been  there,  did  it,  ready  to  move 
I  on’’  as  much  as  there  is  a  growing  discon¬ 
tent  with  the  overall  influence  of  the  CIO 
■  within  the  executive  team.  ©  53907 


AND  CIO  WANDERLUST 


SAS  and  Intel  give 

PFIZER  HEALTH 
SOLUTIONS  INC 


The  Power  to  Know' 
how  to  help  its  clients 
provide  effective  healthcare 
to  more  than  a  half-million 
patients.  Read  our  success 
story  at  www.sas.com/phs. 

V _ ) 


Power  users  have  been  tapping  into  SAS’  unmatched  breadth  and  depth  of  analytics  for  years  to  drive  their 
organizations  forward.  Now  innovation  can  come  from  anyone,  anywhere  in  your  company.  While  most 
Bl  vendors  deliver  historical  reporting  solutions,  SAS®  business  intelligence  and  analytics  software  -  on 
Intel®  Itanium®  2  processor-based  servers  -  empowers  you  to  predict  outcomes  and  make  more  effective 
decisions  throughout  your  enterprise.  SAS  takes  you  Beyond  Bl ,M  by  making  it  easy  to  put  the  power  to 
know  in  the  hands  of  everyone. 

- : 

go  Beyond  Bl  "  at  www.sas.com/Bltour  ■  Free  product  tour 
V ' 


SAS  and  ail  other  SAS  Instrtute  Inc.  product  or  service  names  are  registered  trademarks  or  trademarks  of  SAS  Institute  Inc.  in  the  USA  and  other  countries.  ®  indicates  USA  registration  Other  brand  and  product  names  are  trademarks  of  their  respective  compands.  ©  2005  SAS  Institute  Inc. 
All  rights  reserved.  ©  2006  Intel  Corporation.  All  rights  reserved.  Intel,  the  Intel  logo,  and  Itanium  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  329693US.0505 
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Xilinx  Taps  Cooney 

Xiiinx  Inc.,  a  San  Jose-based 
maker  of  programmable  logic 
software,  has  appointed  KEVIN 
COONEY  from  its  Dublin  offices 
as  corporate  vice  president  and 
CIO.  Cooney  served  previously 
as  Xilinx  senior  director  of  IT  and 
business  development  for  Eu¬ 
rope.  the  Middle  East  and  Africa. 
He  will  continue  as  a  member  of 
the  board  of  directors  at  Xilinx 
Ireland  and  will  run  global  IT 
operations  from  Xilinx’s  Euro¬ 
pean  headquarters  in  Dublin. 
Prior  to  joining  Xilinx  10  years 
ago,  Cooney  served  in  a  variety 
of  executive  positions  at  Digital 
Equipment  Corp. 


U.S.8.  Names  CIO 

C.  JEFF  PAN  as  been  appointed 
CIO  and  senior  vice  president  for 
business  transformation  at  U.S.I. 
Holdings  Corp.  in  Briarcliff  Manor, 
N.Y.  Pan  is  responsible  for  trans¬ 
forming  the  company’s  processes 
for  IT,  accounting  and  administra¬ 
tive  services  to  a  more  efficient 
model.  Pan  joined  U.S.I.  in  Febru¬ 
ary  through  the  company’s  acqui¬ 
sition  of  Summit  Global  Partners, 
where  he  had  been  president 
since  2003.  He  has  also  served  in 
senior  positions  at  California  Fed¬ 
eral  Bank,  Ford  Capital  Ltd.  and 
First  Gibraltar  Bank. 


Sadiq,  Helm  to  Lead 
At  Drugstore.com 

Drugstore.com  Inc.,  a  Bellevue, 
Wash.-based  online  provider  of 
pharmacy  products,  has  appoint¬ 
ed  TALAT  SADIQ  CIO  and  JOHN 
HELM  chief  technology  officer. 
Sadia  will  oversee  all  aspects  of 
technology  planning,  develop¬ 
ment  and  operations.  Helm,  who 
will  report  to  Sadiq,  will  be  re¬ 
sponsible  for  the  overall  IT  archi¬ 
tecture  and  day-to-day  technol¬ 
ogy  operations.  Most  recently, 
Sadiq  was  vice  president  of 
strategic  business  development 
at  iSpheres  Corp.  Helm  was  pre¬ 
viously  head  of  architecture  at 
Merrill  Lynch  &  Co.  and  taught  in 
the  department  of  applied  physics 
at  Columbia  University. 


Managemenl  Control: 

A  Lost  Art 


BART  PERKINS 


The  basic  management  controls 
required  to  run  an  effective  IT  organiza¬ 
tion  are  quickly  becoming  a  lost  art.  Many 
companies  have  lost  touch  with  the  funda¬ 
mentals  of  IT  management.  The  industry 
originally  learned  these  fundamentals  during  the  1970s 
and  ’80s,  but  today  there  are  large  numbers  of  IT  orga¬ 
nizations  with  surprisingly  weak  management  controls. 


As  a  result,  these  companies 
are  often  unable  to  perform 
basic  IT  functions,  such  as 
building  coherent  business 
cases,  assessing  project  risk 
and  developing  accurate 
capacity  plans. 

How  did  this  happen?  The 
enormous  expenses  associat¬ 
ed  with  Y2k,  and  the  huge 
losses  induced  by  the  dot¬ 
com  bubble  bursting,  pro¬ 
duced  more  animosity  than 
gratitude  toward  IT.  Many  IT 
organizations  (and  CIOs)  lost 
significant  credibility  in  the 
post-Y2k  era.  Management’s 
desire  to  cut  back  on  IT  was 
exacerbated  by  a  struggling 
economy  and  falling  profits. 
Consequently,  most  IT  bud¬ 
gets  were  cut  severely  and  repeatedly. 
Virtually  everything  beyond  mainte¬ 
nance  for  existing  systems  often  got 
axed,  leaving  few  resources  for  new 
development. 

To  complicate  matters  further,  the 
industry  lost  many  experienced  execu¬ 
tives.  CIOs  grew  tired  of  the  never- 
ending  budget  wars  and  constant  at¬ 
tacks,  and  many  (who  could  afford  to) 
retired.  Unfortunately,  they  took  their 
expertise  with  them.  The  CIOs  who  re¬ 
placed  them  often  lacked  expertise  in 
delivering  new  applications,  since  their 
experience  was  acquired  in  an  era  domi¬ 
nated  by  maintenance. 

For  that  reason,  many  IT  organizations 
no  longer  understand  how  to  prioritize 
projects  effectively,  establish  cost  ac¬ 
counting  procedures  or  accurately 
estimate  a  new  system’s  production 


costs  [QuickLink  49668]. 

For  example,  one  client 
recently  requested  a  “sanity 
check”  on  a  $500  million 
plan  to  redevelop  its  legacy 
applications.  The  review 
revealed  that  the  ongoing 
production  costs  for  the 
new  applications  had  been 
underestimated  by  roughly 
$40  million  a  year.  The  CFO 
postponed  his  presentation 
to  the  board  of  directors  and 
sent  the  program  team  back 
to  the  drawing  board,  before 
the  erroneous  numbers  be¬ 
came  set  in  stone.  Unfortu¬ 
nately,  many  CFOs  don’t 
learn  of  such  errors  until 
they  show  up  as  significant 
budget  overruns,  when  it’s 
too  late  to  reset  expectations. 

Insufficient  management  controls  also 
complicate  outsourcing  efforts.  Without 
accurate  business  cases,  you  may  make 
the  wrong  outsourcing  decisions.  And 
afterward,  your  ability  to  work  well  with 
your  outsourcer  will  rely  heavily  on  ar¬ 
eas  such  as  capacity  planning,  specifica¬ 
tion  review,  change  control,  acceptance 
testing  and  cost  accounting  —  basic 
management  controls.  Without  these 
controls,  you  will  have  difficulty  select¬ 
ing,  managing  and  benefiting  from  your 
outsourcer. 

In  order  to  upgrade  your  management 
controls,  focus  on  basic  blocking  and 
tackling: 

■  Adopt  well-understood  management  prac¬ 
tices.  Unfortunately,  IT  doesn’t  yet  have 
an  equivalent  of  generally  accepted  ac¬ 
counting  principles  or  a  Financial  Ac¬ 


counting  Standards  Board  to  establish 
industry  standards.  However,  well- 
defined  procedures  for  systems  develop¬ 
ment,  change  control,  problem  manage¬ 
ment  and  so  on  are  available  from  sources 
such  as  consulting  and  research  firms. 
Some  companies  are  starting  to  use  the 
IT  Infrastructure  Library  framework 
from  the  U.K.,  although  it  isn’t  yet  wide¬ 
ly  used  in  the  U.S. 

■  Leverage  existing  expertise.  Basic  con¬ 
trols  are  well  understood  by  “gray  hairs” 
in  the  industry.  Get  advice  from  experi¬ 
enced  executives  or  outside  experts  to 
speed  the  process  and  avoid  reinventing 
the  wheel. 

■  Enlist  internal  support.  Partner  with  in¬ 
ternal  audit  or  accounting  to  help  build 
the  case  for  establishing  strong  internal 
management  controls.  Regulations  such 
as  the  Sarbanes-Oxley  Act,  the  USA  Pa¬ 
triot  Act,  the  Health  Insurance  Portabili¬ 
ty  and  Accountability  Act  and  Basel  II 
(regarding  financial  services)  all  demand 
strong  controls  to  ensure  compliance. 
Moreover,  internal  audits  can  often  pro¬ 
vide  valuable  feedback  regarding  the 
quality  of  any  existing  controls. 

■  Develop  a  rollout  plan  for  implementing 
new  controls.  Don’t  attempt  to  establish 
all  the  needed  controls  at  once.  In  large 
corporations,  this  effort  can  easily  re¬ 
quire  years  to  finish.  Break  up  your 
control  improvement  program  into  a 
series  of  interleaved  projects. 

■  Don’t  give  up.  Although  basic  controls 
are  necessary,  they  are  often  unpopular. 
You  will  probably  face  resistance  from 
people  who  don’t  like  structure.  Perse¬ 
vere! 

Basic  management  controls  are  crit¬ 
ical  to  successful  IT  management. 

They  bring  much-needed  discipline  to 
your  organization  and  enable  you  to 
deliver  products  and  services  more 
effectively. 

The  success  of  your  IT  organization 
depends  largely  on  effective  use  of  basic 
management  controls.  Refocus  on  the 
basics.  O  53959 
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are  other  IT  professionals  with  your  experience  and 


the  country,  Computerworld  will  answer  that  question 
we  deliver  the  results  from  our  19th  Annual  Salary  Survey. 


Please  take  our  survey  now  and  enter  a  drawing  to  win 
one  of  10  Apple  iPod  Minis.  Our  survey  period  closes 
Friday,  June  27, 2005,  at  5  p.m.  Eastern  time. 

e  stories  that  offer  practical  career  advice 
will  be  published  in  the  Oct  24, 2005,  issue  of  Computerworld. 

It  will  offer  detailed  information  on  average  salaries  and  bonuses, 
broken  out  by  title,  industry  and  region.  You’ll  be  able  to  compare 
your  organization’s  compensation  plans  with  those  of  other 
companies  and  find  the  hottest  areas  of  the  country  for  IT  pay. 

To  take  the  survey,  and  qualify  for  the  drawing,  goto: 
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BCCUSA,  Inc.  -  South  Portland 
ME  needs  Sr.  Software  Engin¬ 
eers  having  a  Masters  with  min 
2  years  or  Bachelors  with  min  5 
years  of  progressive  work  exp 
in  C/0+  and  Java  based  appli¬ 
cations  using  STL,  SGML, 
HTML.  JavaScript,  DTD,  XML. 
XSD  Oracle.  DB2,  Informix, 
PL/SQL,  PVCS,  Clearcase, 
Clearquest.  Netscape/iplanet 
web  servers,  IBM  WAS/WSAD, 
UNIX  and  Windows.  Competi¬ 
tive  salary  and  benefits.  M-F,  40 
hours/week.  Please  mail  your 
resume  to  BCCUSA  Inc.,  HR 
Dept,  650  Main  Street  Suite  201, 
South  Portland,  ME  -  04106. 


Aphelion  Inc.,  seeking  Systems 
Analysts  to  analyze,  develop  & 
migrate  existing  software  solu¬ 
tions  to  Net  technology;  devel¬ 
op  &  maintain  web  applications 
for  membership  management 
industry  utilizing  .Net  technolo¬ 
gy,  SQL  Server  &  WISE  soft¬ 
ware.  Candidates  must  have  a 
Bachelor's  degree  plus  1  year 
experience  in  job  offered.  Sub¬ 
mit  resume  to  Aphelion  Inc., 
Attn:  Manager-Product  Develop¬ 
ment,  1100  NASA  Pkwy,  Ste. 
606,  Houston,  TX  77058.  Put  job 
code  DEV042005  on  resume. 


Software  Anal./Dev.:  Design, 
develop  &  implement  desk- 
top/web  based  software  for 
sales/acctg/bus.  mgt.  pro¬ 
grams.  Req:  M.S.  deg. 
Comp.  Sci./Engg,  or  closely 
related  field,  w'  2  yrs.  exp.  in 
job  offered  or  in  the  design  & 
dev.  of  software  for  finan¬ 
cial/bus  mgt.  prog;  8a-5p,  M- 
F.  Resume  to;  Corp.  HR, 
Systemtec,  Inc.,  246  Stone- 
ridge  Dr.,  Ste.  301,  Colum¬ 
bia,  SC  29210;  Job  SD. 


Computer  Discoveries,  Inc.  in 
Lombard,  IL  seeks  computer 
programmers  to  develop,  create 
and  modify  computer  applica¬ 
tions  software  or  specialized  util¬ 
ity  programs.  Analyze  user 
needs,  develop  software  solu¬ 
tions  and  design  databases 
within  an  application  area.  Must 
have  Bachelors  degree  or  equiv¬ 
alent  in  computer  related  field 
plus  one  year  experience  as  a 
programmer/software  engineer/ 
software  developer  using  VB, 
Crystal  Reports,  MS-Access, 
Oracle  and  SQL  server.  Send 
resume  to  resumeiScdiconsult 
ina.com.  Must  be  authorized  to 
work  permanently  in  US. 


PeopleSoft  Team  Lead  sought  by 
Alta  Colleges,  Inc.  to  oversee  de¬ 
sign  and  implementation  of  com¬ 
plex  customizations  to  Student 
Administration,  Enterprise  Portal 
and  CRM  PeopleSoft  Suites. 
Position  located  in  Denver, 
Colorado.  Must  have  Master's 
Degree  or  equivalent  (Bachelor's 
Degree  plus  five  years  experi¬ 
ence)  in  computer  science,  com¬ 
puter  engineering  or  related  field. 
Requirements  include  working 
knowledge  of  complex  Realtime 
and  Near  Realtime  integration 
processes  and  customization  of 
PeopleSoft  Applications  Suites 
using  Workflow  automation  tools. 
Respond  by  resume  to  Michael 
Berner,  Alia  Colleges.  2000  S. 
Colorado  Blvd.,  #2-800,  Denver. 
CO  80222. 


Computer  Discoveries.  Inc.  in 
Lombard,  IL  seeks  computer 
software  developer  for  analysis, 
design,  development  and  testing 
of  software  and  database  man¬ 
agement.  Must  have  Bachelors 
degree  or  equivalent  in  comput¬ 
er  related  field  with  at  least  3 
years  of  experience  as  a  soft¬ 
ware  engineer/programmer  ana¬ 
lyst  in  healthcare,  insurance, 
retail,  distribution  or  travel  indus¬ 
try  working  in  Windows  environ¬ 
ment  using  Java,  JDBC,  Oracle, 
Struts  1.1,  Web  logic  and  XML. 
Send  resume  to  resume@cdi 
consultina.com.  Must  be  autho¬ 
rized  to  work  permanently  in  US. 


GAVS  Information  Services 
seeks  applicants  for  the  position 
of  Sales  Engineer  in  Denver,  CO 
to  sell  software  products,  en¬ 
hancements  and  upgrades  to 
corporate  clients.  Requires  2  yrs 
in  the  job  offered  or  2  yrs  of 
sales  and  marketing  experience 
and  2  yrs  of  software  develop¬ 
ment  experience  and  working 
knowlege  of  firewalls-Cisco,  PIX 
and  Checkpoint  on  Unix,  Unix 
Administration  (Solaris,  Linux), 
VOIP  (Cisco  Call  Manager, 
Unity)  and  VPN  (Cisco  and 
Linux).  Respond  by  resume  to 
Prakash  Vasant,  GAVS  Informa¬ 
tion  Services,  4155  E.  Jewell 
Ave.,  Ste.  603,  Denver,  CO 
80222. 


BCCUSA,  Inc-South  Portland 
ME  needs  experienced  Pro¬ 
grammer  Analyst  having  a 
Bachelors  with  min  2  years  of 
progressive  work  exp.  in  Oracle 
9i/8i/8.x/7.x,  Forms  9i/6i/5.0/4.5, 
SQL’Loader,  Reports  9i/6i/3.0/ 
2.5,  PL/SQL,  Business  Objects, 
Shell  Scripts  and  Toad.  Should 
be  expert  in  tuning  SQL  queries 
using  Explain  plan,  SQL'Trace 
and  TKPROF  utility.  Competi¬ 
tive  salary  and  benefits.  M-F,  40 
hours/week.  Please  mail  your 
resume  to  BCCUSA  Inc.,  HR 
Dept,  650  Main  Street  Suite 
201,  South  Portland,  ME- 
04106. 


Sr.  Software  Eng'r  (Oakland, 
CA)-Develop,  create,  &  mod¬ 
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For  example,  the  quarterly 
schedule  for  releasing  security 
updates  that  Oracle  adopted 
last  fall  is  a  sore  spot  for  Arup 
Nanda,  director  of  database 
engineering  and  operations  at 
Starwood  Hotels  &  Resorts 
Worldwide  Inc.  in  White 
Plains,  N.Y.  The  company  runs 
Oracle  Database  lOg  in  a  Real 
Application  Clusters  configu¬ 
ration,  and  Nanda  said  large 
software  patch  kits  can  be 
challenging  to  install.  He 
would  rather  be  sent  patches 
as  they  become  available. 

Thompson  said  users  can, 
in  fact,  access  patches  them¬ 
selves  from  MetaLink  when¬ 
ever  they  want,  though  only 
quarterly  patches  are  automat¬ 
ically  sent  to  users. 

Other  users  said  they  prefer 
the  regular  patch  distribu¬ 
tions,  which  include  best  prac¬ 
tices  information  and  are 
more  standardized  than  one- 
offs,  said  Ari  Kaplan,  incoming 
president  of  the  IOUG  and 
president  of  Expand  Beyond 
Corp.,  a  wireless  management 


THE  I0U0  and  two  of  Oracle's 
other  user  groups  said  last  week 
that  they're  banding  together  to 
hold  a  combined  annual  confer¬ 
ence  starting  next  year. 

In  a  similar  announcement, 
Oracle  rival  SAP  A6  and  its  inde¬ 
pendent  user  group  for  the  Amer¬ 
icas  region  said  they  plan  to  hold 
their  U.S.  conferences  back  to 
back  in  the  same  location  next 
spring. 

The  database-oriented  IOUG 
is  teaming  up  with  the  Atlanta- 
based  Oracle  Applications  Users 
Group  (0AU6)  and  the  Lexing¬ 
ton,  Ky.-based  Quest  Internation¬ 
al  Users  Group,  which  is  made 
up  of  the  J.D.  Edwards  &  Co. 
application  users  that  Oracle 
inherited  when  it  purchased 

software  vendor  in  Chicago. 

Thompson,  who  delivered  a 
keynote  at  the  conference,  had 
served  as  CIO  at  PeopleSoft 
Inc.  until  Oracle  acquired  it  in 
January  [QuickLink  51831]. 

Responding  to  customer  de¬ 
mand,  Oracle  will  now  sup¬ 
port  each  release  of  its  data- 


FeopleSoft  Inc.  earlier  this  year. 

The  initial  combined  event, 
dubbed  Collaborate  06,  is  sched¬ 
uled  to  be  held  next  April  in 
Nashville  and  will  include  educa¬ 
tional  sessions  and  keynote 
speeches  by  Oracle  employees, 
according  to  a  statement  issued 
by  the  three  user  groups. 

Incoming  IOUG  President 
Ari  Kaplan  said  that  each  of  the 
user  groups  will  manage  its  own 
specific  set  of  sessions.  For  in¬ 
stance,  the  IOUG  will  handle  the 
database  track,  said  Kaplan. 

But  while  the  groups  will  each 
focus  on  their  core  technologies, 
attendees  will  also  be  able  to  dis¬ 
cuss  common  issues,  said  John 
Matelski,  deputy  CIO  for  the  city 
of  Orlando  and  executive  vice 

base  and  Oracle  Application 
Server  for  five  years,  starting 
with  Version  9.2  of  the  data¬ 
base  and  Version  10.1.2  of  the 
application  server,  Thompson 
said.  Oracle  previously  pro¬ 
vided  three  years  of  service. 

Thompson  said  the  new 
MetaLink  content  has  been 


president  of  Quest.  He  added 
that  the  conference  will  give  the 
user  groups  a  chance  to  “begin 
working  toward  a  unified  voice 
on  topics  of  interest." 

Matelski  said  the  user  groups 
will  continue  to  hold  separate  re¬ 
gional  meetings  but  will  make  the 
combined  conference  their  only 
global  event.  “There  are  clearly 
economies  of  scale  to  be  gained 
for  the  user  groups  and  Oracle  by 
consolidating  the  [existing]  con¬ 
ferences."  he  noted. 

But  Steven  Hughes,  the 
OAUG’s  executive  director,  said 
the  decision  to  hold  a  single  con¬ 
ference  was  more  about  the 
breadth  of  information  that  could 
be  offered  to  users  than  any  fi¬ 
nancial  considerations. 

available  since  January.  The 
offering  now  includes  live 
product  demonstrations,  hun¬ 
dreds  of  tips  for  users  and  an 
enhanced  search  engine  to 
help  direct  customers  looking 
for  specific  information  or 
work-arounds. 

Since  late  last  year,  Oracle 


Smaller  Arrays,  Open-source 
Cut  IT  Costs  at  Ameritrade 


BY  LUCAS  MEARIAN 

Ameritrade  Holding  Corp.  CIO 
Asiff  Hirji  spoke  with  Computer- 
world  last  week  about  the  com¬ 
pany’s  consolidation  with 
Datek  Online  Holdings  and  its 
efforts  to  slash  IT  costs  by  re¬ 
placing  high-end  storage  arrays 
with  midrange  equipment  and 
using  open-source  technologies. 

What  are  your  greatest 
challenges  these  days? 

One,  I’m  trying  to  cre¬ 
ate  additional  function¬ 
ality  that  takes  com¬ 
plexity  out  of  trading. 

Second,  some  of  the 
vendors  we  work  with 
simply  don’t  get  where 
they  need  to  be  on  a 


cost/performance  scale. 

So  we’re  throwing  them  out 
and  replacing  them  with  peo¬ 
ple  who  get  it.  Third,  I’m  try¬ 
ing  to  cope  with  the  volume 
of  demand.  That’s  the  con¬ 
stant  battle. 

You  say  some  vendors  aren’t  get¬ 
ting  where  they  need  to  be  on  the 
cost  vs.  performance  scale.  How 
is  that  different  today  from 
two  or  three  years  ago? 
My  personal  belief  is 
something  like  90%  of 
all  databases  out  there 
right  now  could  be  re¬ 
placed  by  open-source 
because  most  of  the 
database  applications 
that  exist  are  very  sim¬ 


ple  databases  with  a  thin-layer 
application  on  top  that  says, 
“Do  a  query,  or  do  an  insert.” 
You  don’t  need  the  hundreds 
of  thousands  or  millions  of 
dollars  in  an  Oracle  imple¬ 
mentation  or  Siebel  or  anyone 
else  to  do  a  lot  of  that  stuff. 

We’ve  [also]  done  things 
like  replace  the  highest-tier- 
type  storage  systems  with  more 
midtier  storage  systems,  be¬ 
cause  the  performance  in  the 
midtier  storage  systems  has 
come  to  the  point  where,  for 
our  needs,  they  do  what  we 
need  them  to  do.  We  don’t  need 
to  spend  the  additional  money 
on  the  high-end  systems. 

How  much  money  have  you  saved 
by  replacing  the  high-end  arrays? 

I  can’t  really  give  you  a  num¬ 
ber,  but  on  a  systems-by-sys- 
tems  basis,  the  new  systems 


cost  less  than  half  what  the 
old  systems  have. 

The  Datek  acquisition  took  place 
two  years  ago.  How  has  that  con¬ 
version  effort  gone?  It’s  been 
done  for  a  year  and  a  half.  We 
managed  to  keep  something 
like  96%  or  97%  of  the  Datek 
client  base.  We  basically 
copied  the  experience  they 
had  on  Datek  onto  our  plat¬ 
forms  by  playing  Lego  with 
some  of  the  systems  and  inte¬ 
grating  a  lot  of  the  Datek  tech¬ 
nology  onto  our  platform. 

Where  did  most  of  the  cost  sav¬ 
ings  come  from?  Whacking  out 
tons  of  cost  from  the  infra¬ 
structure.  Every  dollar  I  invest 
in  storage  is  a  dollar  I  could 
have  used  in  developing  the 
next  cool  [trading]  tool. 

0  54214 


SAP  said  the  U.S.  version  of 
its  Sapphire  show  will  remain 
separate  from  the  annual  confer¬ 
ence  held  by  the  Americas'  SAP 
Users’  Group.  But  the  two  events 
will  be  held  during  the  same 
week  next  May  in  Orlando. 

SAP  is  studying  whether  it 
should  also  collocate  Sapphire 
and  user  group  conferences  in 
other  parts  of  the  world,  said 
William  Wohl,  a  spokesman  at 
SAP  America  Inc.  in  Newtown 
Square.  Pa. 

It  may  not  make  sense  in  re¬ 
gions  such  as  Europe,  “where 
there’s  more  of  a  country-by¬ 
country  focus,"  Wohl  said.  “But 
it’s  something  we’re  certainly 
willing  to  consider  if  there’s  de¬ 
mand.” 

-  Marc  L.  Song  ini.  with  John 

Blau  of  the  IDG  News  Service 

has  also  been  offering  Web 
collaboration  technology  to 
help  customers  directly  link 
up  with  a  technician  to  trou¬ 
bleshoot  problems,  Thompson 
said.  The  sessions  allow  Ora¬ 
cle  technicians  to  more  quick¬ 
ly  diagnose  problems,  speed¬ 
ing  up  resolution  times  by 
30%,  or  about  20  minutes  per 
diagnostic  session. 

Oracle  expects  the  im¬ 
proved  support  tools  will  help 
users  cut  administrative  costs 
and  thus  ease  its  reputation  as 
a  costly  database  supplier,  said 
Rebecca  Wetteman,  an  analyst 
at  Wellesley,  Mass.-based  Nu¬ 
cleus  Research  Inc.  The  im¬ 
proved  support  should  help 
users  get  by  with  fewer  ad¬ 
ministrators,  she  said. 

John  Matelski,  deputy  CIO 
for  the  city  of  Orlando,  had 
expressed  concern  about  sup¬ 
port  when  the  Oracle-People- 
soft  deal  closed.  But  he  said 
Oracle  is  “clearly  making  sig¬ 
nificant  strides  to  continue  to 
support,  sustain  and  educate 
their  customers.”  The  city 
runs  financial  applications 
that  were  developed  by  J.D. 
Edwards  &  Co.,  which  Oracle 
acquired  when  it  bought 
PeopleSoft.  O  54246 
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Blackout 


WHERE  WAS  IT?  On  Saturday,  April  30,  the  Penta¬ 
gon  released  an  unclassified  version  of  its  report 
on  a  March  4  incident  in  Baghdad,  in  which  an 
Italian  intelligence  agent,  Nicola  Calipari,  was 
shot  and  killed  by  U.S.  troops  at  a  checkpoint. 

The  unclassified  document  was  an  Adobe  Acrobat  file,  with  sections 
containing  classified  information  blacked  out.  But  for  anyone  who 
downloaded  the  document,  discovering  what  was  behind  that  elec¬ 
tronic  black  ink  was  trivial.  If  fact,  it  was  practically  unavoidable. 
And  by  Monday,  that  classified  information  was  everywhere. 

So  where  in  blazes  was  IT? 


Protecting  confidential  data  in  electronic 
form  is  certainly  part  of  IT’s  job.  The  software 
that  military  censors  used  to  black  out  those 
documents  came  from  IT.  IT  should  have  made 
sure  everything  worked  as  planned.  Instead, 
sensitive  information  such  as  military  rules  of 
engagement  became  public  knowledge. 

Let’s  be  clear:  Breaking  through  the  black  ink 
over  that  classified  text  didn’t  require  hacking 
through  encryption  or  using  some  special  tool. 
If  a  reporter  simply  opened  the  file  using  the 
standard  version  of  Acrobat  Reader,  then  cut 
and  pasted  the  text  into  any  word  processor,  the 
blacked-out  text  would  reappear. 

And  reporters  don’t  like  retyping  if  they  can 
simply  cut  and  paste.  Besides,  cutting  and  past¬ 
ing  guaranteed  that  the  report  would  be  quoted 
accurately.  So  of  course  many  of  them  cut  and 
pasted  and  saw  the  classified  information; 
they’d  have  had  to  work  hard  to  avoid  it. 

And  so  did  anyone  else  —  friend  or  foe  — 
who  downloaded  the  report. 

So  where  was  IT?  Why  didn’t  the  military 
censors  have  the  right  tools  to  remove  that 
classified  information,  not  just 
cover  it  up?  Why  wasn’t  a  standard 
process  followed  for  confirming 
that  the  classified  information  was 
removed?  Those  are  questions  the 
Pentagon  is  asking  now. 

They’re  questions  people  in  cor¬ 
porate  IT  should  be  asking,  too. 

How  often  do  people  in  your 
company  send  out  sensitive  infor¬ 
mation,  thinking  it’s  not  there  be¬ 
cause  they  can’t  see  it?  Every  time 
they  e-mail  a  Word  document.  Or 
an  Excel  spreadsheet,  or  Power¬ 
Point  presentation,  or  documents  in 


any  of  a  variety  of  other  formats.  Those  users 
may  have  deleted  that  information  from  the  vis¬ 
ible  document,  but  it  might  still  be  in  the  file. 

It  can’t  always  be  made  visible  with  a  simple 
cut  and  paste.  But  it’s  there.  And  with  a  little 
effort  by  an  unfriendly  party,  it  can  be  seen. 

Maybe  you  knew  that.  But  your  users  proba¬ 
bly  don’t.  So  your  company’s  salesmen,  market¬ 
ing  people,  lawyers  and  public  relations  reps 
may  be  revealing  sales  quotes,  product  plans, 
legal  strategies  and  other  information  they 
don’t  intend  to.  Executives  may  be  giving  away 
business  strategy  or  closely  held  financial  data. 

Where  is  IT  in  all  this?  Protecting  this  stuff  is 
what  we  do.  We  should  be  front  and  center, 
helping  users  to  avoid  leaking  secrets.  Sure,  we 
also  have  to  deal  with  worms  and  hackers  and 
other  threats.  But  we  can’t  let  users  fall  through 
security  cracks  —  especially  when  that’s  exact¬ 
ly  what  users  are  trying  hard  not  to  do. 

So  talk  to  your  users,  especially  the  ones  who 
send  documents  outside  the  organization.  Ex¬ 
plain  the  problem.  Suggest  work-arounds,  such 
as  converting  documents  to  a  different  format 
and  then  back  to  the  one  they  pre¬ 
fer.  Listen  to  their  objections.  Work 
with  them  to  find  a  practical  way 
they  can  use  to  protect  their  confi¬ 
dential  information. 

This  time,  IT  isn’t  the  users’  ene¬ 
my,  enforcing  security  rules  they 
don’t  like.  We  can  be  their  ally, 
helping  users  protect  information 
they  don’t  want  to  make  public. 

For  once,  we  can  stand  shoulder 
to  shoulder  with  users  on  the  front 
lines  of  information  security. 

Which  is  right  where  IT  should 
be.  O  54204 


frank  haves,  Computer- 
world's  senior  news  colum¬ 
nist,  has  covered  IT  for  more 
than  20  years.  Contact  him  at 

frank.hayes@computerworid.com. 


There’s  Always  a  Reason 

This  pilot  fish's  boss  is  technologically,  um,  a  little 
slow.  “He  used  Microsoft  Works  to  print  out  some  in¬ 
formation  for  a  customer,"  fish  says.  “Then  he  brought 
it  to  my  office,  asked  me  to  scan  it  and  save  it  as  a 
PDF  file  as  well  as  using  OCR  to  create  a  Word  docu¬ 
ment,  then  print  out  the  PDF  and  snail-mail  it  to  the 
customer.  It  was  quicker  to  just  do  as  he  asked  than 
to  expiain  the  flaws  with  this  approach." 


SHARK 

TANK* 


Aha! 

This  company 
monitors  Inter¬ 
net  usage  close¬ 
ly,  and  when  one 
employee’s  numbers  are 
much  higher  than  aver¬ 
age,  management  inves¬ 
tigates.  “He  explains 
he  needs  it  for  his  job,” 
says  a  pilot  fish  in  the 
know.  “His  job?  Web¬ 
master.” 

Instant  Answer 

Manager  tells  consultant 
pilot  fish  he  can’t  see  the 
point  to  instant  messag¬ 
ing.  Why  can’t  users  just 
send  e-mail?  “I  asked 
him  when  was  the  last 
time  he  replied  to  all  the 
e-maiis  in  his  in-box  in  a 
single  day,”  fish  reports. 
“He  quietly  ended  the 
discussion.” 

So  Help  Already! 

“The  furniture  guys  just 
dropped  off  the  boxes, 
and  I  need  you  to  come 
up  and  assemble  my 
desk,”  new  hire  tells 
support  pilot  fish.  Why 
don’t  you  call  the  facili¬ 
ties  department,  baffled 
fish  asks.  User:  “Weil, 
your  extension  is  listed 
as  the  help  desk ...” 

Who’s  on  First? 

Sales  guy  calls  pilot  fish, 
asking  if  he’s  the  person 
putting  ail  the  sales  pre¬ 
sentations  on  a  CD  for 
an  upcoming  meeting. 
Yes,  fish  says.  “Will  you 


put  mine  on 
the  CD  first?” 
sales  guy  re¬ 
quests.  “I  have 
to  leave  the 
meeting  early.”  But  I'm 
not  setting  the  agenda, 
fish  points  out,  just 
putting  the  files  on  a 
disk.  “I  know,”  sales  guy 
says.  “But  they  always 
go  in  the  order  the  files 
are  on  the  CD.” 

Thanks,  I  Guess 

Sysadmin  pilot  fish  gets 
3:30  a.m.  call  from  user 
who  can’t  log  into  his 
system.  Fish  is  baffled 
by  user’s  problem  -  until 
he  realizes  it's  not  one  of 
fish’s  systems.  “Turns 
out  he  worked  for  anoth¬ 
er  company,”  fish  says. 
“But  he'd  heard  from  a 
friend  how  good  a  tech- 
support  guy  I  am,  so  he 
called  me  instead  of  his 
support  guys.” 

Eccentric? 

My  new  keyboard  sud¬ 
denly  stopped  working, 
user  tells  pilot  fish.  What 
kind  is  it?  fish  asks. 

“She  responded,  1  don’t 
know  what  brand,  but 
it’s  origami,’  ”  says  fish. 
“It  took  me  about  five 
minutes  to  figure  out 
what  she  was  talking 
about  -  she  meant  er¬ 
gonomic.  After  I  man¬ 
aged  to  stop  laughing, 
she  asked  me,  *So,  do 
you  know  anything  about 
organic  keyboards?'  ” 


OUSE  YOUR  ORTHOPEDIC  KEYBOARD  to  send  me 
a  true  tale  of  IT  life  at  sharky@computerworid.com. 
You’ll  get  a  stylish  Shark  shirt  if  I  use  it.  And  check  out  the 
daily  feed,  browse  the  Sharkives  and  sign  up  for  Shark  Tank 
home  delivery  at  computerworid.com/sharky. 


Middleware  is  Everywhere 


MIDDLEWARE  IS  IBM  SOFTWARE.  IBM  Workplace 
transforms  productivity.  Collaborate  better  with  colleagues, 
partners  and  suppliers  -  the  whole  team.  IBM  Workplace 
offers  fast  access  to  critical  information  based  on  your 
role.  With  all  of  the  collaborative  tools  you  need  to  work 
efficiently  in  one  environment,  you  can  make  better,  more 
informed  decisions.  Faster.  It’s  simply  a  better  way  to  work 


1.  IMs  stockroom  for  ’01  merlot. 

2.  Conferencing  with  design  partners 

3.  Orders  from  vendor,  wirelessly. 

4.  Driver  receives  last-minute  order. 

5.  Delivers  orders  quickly,  accurately. 


ibm.com/middleware/workplace  QD  DEMAND 
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Middleware  for  the  on  demand  world.  Learn  more  at 


IBM  Workplace 


IBM,  the  IBM  logo.  Workplace  and  the  On  Demand  logo  are  registered  trademarks  or  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and  or 
other  countries  200S  IBM  Corporation  All  rights  reserved  '  'i  V  V' 
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MIDDLEWARE  IS  IBM  SOFTWARE.  The  powerful  DB2 
Information  Management  Software  Family.  With  industry 
leading  DB2  and  Informix®  databases,  it’s  the  most  complete 
information  management  solution  available.  Built  on  open 
standards,  it  lets  you  access  content  from  various  sources. 
Integrate  information,  boost  productivity,  stay  compliant.  Plus 
gain  insight  to  make  better  business  decisions.  On  demand. 


Middleware  is  Everywhere. 


Can  you  see  it? 
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1.  Takes  virtual  tour  of  vacation  spot. 

2.  Books  flight  with  partner  airline. 

3.  Dispatches  service  automatically. 

4.  Analyzes  schedule  data  dynamically. 

5.  Business  results  reach  new  heights. 


Middleware  for  the  on  demand  world.  Learn  more  at  ibm.com/information  Qj DEMAND  BUSINESS' 


